Michael Klishin
efe78133c9
OAuth 2: add an integration test for scope aliases
2022-04-22 01:31:22 +04:00
Michael Klishin
9d72a4a804
OAuth 2: more scope aliasing tests
2022-04-22 00:38:26 +04:00
Michael Klishin
a242fb9f3d
OAuth 2: refactor unit_SUITE
2022-04-21 16:28:44 +04:00
Michael Klishin
0862199b9e
OAuth 2: initial scope aliasing test
2022-04-21 14:16:46 +04:00
Michael Klishin
a2a54686e7
OAuth 2: initial work on scope aliases
...
Per discussion with @MarcialRosales, we try to fetch
aliases from two sources, based on feedback from two different
users who seemingly rely on the same family of identity
provider products:
* Use the JWT scope field value first
* Use extra_scopes_source app env setting second
Just like with the existing extra scopes/complex claim
support originally contributed for Keycloak/identityProvider,
we merge all these scopes obtained from "alternative sources"
with the value of the JWT scopes field. This implicitly
assumes that the result makes sense semantically and
there will not be conflicting scopes. That's on the user to
make sure of.
References #4588
2022-04-20 14:29:31 +04:00
Luke Bakken
dba25f6462
Replace files with symlinks
...
This prevents duplicated and out-of-date instructions.
2022-04-15 06:04:29 -07:00
Michael Klishin
c38a3d697d
Bump (c) year
2022-03-21 01:21:56 +04:00
Arnaud Cogoluègnes
4a2f61a49a
Fix usage of add_uaa_key command
...
Switch is --pem-file, not --pem_file.
2022-03-09 16:24:05 +01:00
Arnaud Cogoluègnes
8443305e49
Remove Travis CI badge in OAuth 2 plugin
2022-03-02 08:57:40 +01:00
Philip Kuryloski
dabf053cf8
Additional dialyzer warning fixes
...
Currently loading of the rabbitmq_cli defined behaviors compiled with
Elixir does not work, so we ignore the callback definitions contained therein
2022-02-25 18:14:35 +01:00
Philip Kuryloski
226e00fcd2
Tighten up dialyzer usage
...
now that rules_erlang no longer cascades up dialyzer warnings from deps
2022-02-24 11:18:41 +01:00
Philip Kuryloski
d8201726ae
Ignore dialyzer warnings for most apps
2022-02-21 09:19:56 +01:00
Lajos Gerecs
608d11a3f8
convert additional_scopes_param to the correct equivalent
2022-02-03 18:13:08 +01:00
Philip Kuryloski
efcd881658
Use rules_erlang v2
...
bazel-erlang has been renamed rules_erlang. v2 is a substantial
refactor that brings Windows support. While this alone isn't enough to
run all rabbitmq-server suites on windows, one can at least now start
the broker (bazel run broker) and run the tests that do not start a
background broker process
2022-01-18 13:43:46 +01:00
Anh Thi Lan Nguyen
575b6a1188
Increase token expiration time
2021-12-14 17:18:09 +07:00
Anh Thi Lan Nguyen
8aeca45a17
Start SSL app for testing server
2021-12-14 16:47:20 +07:00
Anh Thi Lan Nguyen
0bc7c98bda
Standardise README.md
2021-12-14 12:22:55 +07:00
Anh Thi Lan Nguyen
868443deb0
Correct configuration example in README.md
2021-12-14 11:28:33 +07:00
Anh Thi Lan Nguyen
ea8ad0e3e3
Add timeout for httpc request
2021-12-14 11:28:33 +07:00
Anh Thi Lan Nguyen
093a04323b
Add configurable crl_check and fail_if_no_peer_cert
...
- Add configuration: crl_check, fail_if_no_peer_cert
- Correct configuration: hostname_verification
2021-12-14 11:28:33 +07:00
Anh Thi Lan Nguyen
118e44c10e
Add wildcard configuration
...
A "wildcard" configuration is added to enable key server verification with wildcard certificate
2021-12-14 11:28:33 +07:00
Anh Thi Lan Nguyen
a9bc1c0ce9
Update README.md
...
- Update new configuration document
- Add configurable "depth" for key server verification
2021-12-14 11:28:33 +07:00
Anh Thi Lan Nguyen
8c541fb047
Set peer_verification default as verify_none
2021-12-14 11:28:33 +07:00
Anh Thi Lan Nguyen
1615cbfb8b
Update better configuration names
...
- "strict" changes to "https.peer_verification"
- "cacertfile" changes to "https.cacertfile"
2021-12-14 11:28:33 +07:00
Anh Thi Lan Nguyen
dd685f1179
Oauth2 plugin improvements
...
- Validate JWKS server when getting keys
- Restrict usable algorithms
2021-12-14 11:28:33 +07:00
Michal Kuratczyk
acf474e056
Fix cuttlefish config for oauth2
...
The structure of the signing_keys map should be `<<"id">> => {pem, <<"key">>}`.
Previously it was mapped directly as `<<"id">> => <<"key">>`.
2021-11-18 12:58:57 +01:00
Philip Kuryloski
b8cabfe3dd
bump test timeouts
2021-07-28 08:37:40 +02:00
Philip Kuryloski
2a6a9c786b
Bazel test timeouts
2021-07-27 10:57:50 +02:00
Philip Kuryloski
abc8703fd8
Bump test timeouts in bazel
2021-07-26 11:09:09 +02:00
Philip Kuryloski
8f9de08de7
Also assert no missing suites for all other deps
2021-07-12 18:05:55 +02:00
Philip Kuryloski
8c7e7e0656
Revert "Default all `rabbitmq_integration_suite` to flaky in bazel"
...
This reverts commit 70cb8147b2.
2021-06-23 20:53:14 +02:00
Philip Kuryloski
70cb8147b2
Default all `rabbitmq_integration_suite` to flaky in bazel
...
Most tests that can start rabbitmq nodes have some chance of
flaking. Rather than chase individual flakes for now, this commit
changes the default (though it can still be overridden, as is the case
for config_scheme_SUITE in many places, since I have yet to see that
particular suite flake).
2021-06-21 16:10:38 +02:00
Michael Klishin
604fbfac3a
Depend on erlang-jose ref with fix for potatosalad/erlang-jose#113
2021-06-10 15:49:39 +03:00
Michael Klishin
ab795c1232
OAuth 2 system_SUITE: squash some erlc warnings
2021-06-10 15:48:33 +03:00
Philip Kuryloski
37f5744833
Add rabbitmq_auth_backend_oauth2 system_SUITE to bazel
2021-06-09 17:43:20 +02:00
Philip Kuryloski
30f9a95b9f
Add dialyze for remaining tier-1 plugins
2021-06-01 10:19:10 +02:00
Philip Kuryloski
98e71c45d8
Perform xref checks on many tier-1 plugins
2021-05-21 12:03:22 +02:00
Philip Kuryloski
c13c2af614
Bazel file refactoring
2021-05-11 12:03:27 +02:00
Philip Kuryloski
ec5954fe9c
Refactor rabbitmq_auth_backend_oauth2 bazel
2021-05-11 10:52:28 +02:00
SkapiN
05cb5f8fa6
Set correct field for extra scope and improve doc
...
- Replace additional_rabbitmq_scopes in doc for the correct extra_scopes_source value
- Add samples
- More details for audience checkup on token
2021-04-16 15:27:58 +02:00
Philip Kuryloski
072a1c0462
Refactor and dedupe .bazel file content
2021-04-16 10:22:44 +02:00
Philip Kuryloski
78bb20f0aa
Adopt change of suite_name -> name in ct_suite from @bazel-erlang
2021-04-08 14:25:06 +02:00
Philip Kuryloski
2f17113154
Add deps/rabbitmq_auth_mechanism_ssl to bazel build
2021-04-06 14:30:14 +02:00
Philip Kuryloski
64f6c18cb8
Add the rabbitmq_auth_backend_oauth2 suite
...
requires recent @bazel-erlang updates
2021-03-31 19:11:32 +02:00
Philip Kuryloski
a63f169fcb
Remove duplicate rabbitmq-components.mk and erlang.mk files
...
Also adjust the references in rabbitmq-components.mk to account for
post monorepo locations
2021-03-22 15:40:19 +01:00
kjnilsson
52f745dcde
Update rabbitmq-components.mk
...
use v1.x branch of ra
2021-03-18 15:14:40 +00:00
Loïc Hoguin
d5e3bdd623
Add ADDITIONAL_PLUGINS variable
...
This allows including additional applications or third party
plugins when creating a release, running the broker locally,
or just building from the top-level Makefile.
To include Looking Glass in a release, for example:
$ make package-generic-unix ADDITIONAL_PLUGINS="looking_glass"
A Docker image can then be built using this release and will
contain Looking Glass:
$ make docker-image
Beware macOS users! Applications such as Looking Glass include
NIFs. NIFs must be compiled in the right environment. If you
are building a Docker image then make sure to build the NIF
on Linux! In the two steps above, this corresponds to Step 1.
To run the broker with Looking Glass available:
$ make run-broker ADDITIONAL_PLUGINS="looking_glass"
This commit also moves Looking Glass dependency information
into rabbitmq-components.mk so it is available at all times.
2021-03-12 12:29:28 +01:00
Michael Klishin
97ff62d3b2
Drop trailing newlines from logged messages where possible
...
Lager strips trailing newline characters but OTP logger with the default
formatter adds a newline at the end. To avoid unintentional multi-line log
messages we have to revisit most messages logged.
Some log entries are intentionally multiline, others
are printed to stdout directly: newlines are required there
for sensible formatting.
2021-03-11 15:17:37 +01:00
Jean-Sébastien Pédron
cdcf602749
Switch from Lager to the new Erlang Logger API for logging
...
The configuration remains the same for the end-user. The only exception
is the log root directory: it is now set through the `log_root`
application env. variable in `rabbit`. People using the Cuttlefish-based
configuration file are not affected by this exception.
The main change is how the logging facility is configured. It now
happens in `rabbit_prelaunch_logging`. The `rabbit_lager` module is
removed.
The supported outputs remain the same: the console, text files, the
`amq.rabbitmq.log` exchange and syslog.
The message text format slightly changed: the timestamp is more precise
(now to the microsecond) and the level can be abbreviated to always be
4-character long to align all messages and improve readability. Here is
an example:
2021-03-03 10:22:30.377392+01:00 [dbug] <0.229.0> == Prelaunch DONE ==
2021-03-03 10:22:30.377860+01:00 [info] <0.229.0>
2021-03-03 10:22:30.377860+01:00 [info] <0.229.0> Starting RabbitMQ 3.8.10+115.g071f3fb on Erlang 23.2.5
2021-03-03 10:22:30.377860+01:00 [info] <0.229.0> Licensed under the MPL 2.0. Website: https://rabbitmq.com
The example above also shows that multiline messages are supported and
each line is prepended with the same prefix (the timestamp, the level
and the Erlang process PID).
JSON is also supported as a message format and now for any outputs.
Indeed, it is possible to use it with e.g. syslog or the exchange. Here
is an example of a JSON-formatted message sent to syslog:
Mar 3 11:23:06 localhost rabbitmq-server[27908] <0.229.0> - {"time":"2021-03-03T11:23:06.998466+01:00","level":"notice","msg":"Logging: configured log handlers are now ACTIVE","meta":{"domain":"rabbitmq.prelaunch","file":"src/rabbit_prelaunch_logging.erl","gl":"<0.228.0>","line":311,"mfa":["rabbit_prelaunch_logging","configure_logger",1],"pid":"<0.229.0>"}}
For quick testing, the values accepted by the `$RABBITMQ_LOGS`
environment variables were extended:
* `-` still means stdout
* `-stderr` means stderr
* `syslog:` means syslog on localhost
* `exchange:` means logging to `amq.rabbitmq.log`
`$RABBITMQ_LOG` was also extended. It now accepts a `+json` modifier (in
addition to the existing `+color` one). With that modifier, messages are
formatted as JSON instead of plain text.
The `rabbitmqctl rotate_logs` command is deprecated. The reason is
Logger does not expose a function to force log rotation. However, it
will detect when a file was rotated by an external tool.
From a developer point of view, the old `rabbit_log*` API remains
supported, though it is now deprecated. It is implemented as regular
modules: there is no `parse_transform` involved anymore.
In the code, it is recommended to use the new Logger macros. For
instance, `?LOG_INFO(Format, Args)`. If possible, messages should be
augmented with some metadata. For instance (note the map after the
message):
?LOG_NOTICE("Logging: switching to configured handler(s); following "
"messages may not be visible in this log output",
#{domain => ?RMQLOG_DOMAIN_PRELAUNCH}),
Domains in Erlang Logger parlance are the way to categorize messages.
Some predefined domains, matching previous categories, are currently
defined in `rabbit_common/include/logging.hrl` or headers in the
relevant plugins for plugin-specific categories.
At this point, very few messages have been converted from the old
`rabbit_log*` API to the new macros. It can be done gradually when
working on a particular module or logging.
The Erlang builtin console/file handler, `logger_std_h`, has been forked
because it lacks date-based file rotation. The configuration of
date-based rotation is identical to Lager. Once the dust has settled for
this feature, the goal is to submit it upstream for inclusion in Erlang.
The forked module is called `rabbit_logger_std_h` and is based on
`logger_std_h` in Erlang 23.0.
2021-03-11 15:17:36 +01:00
dcorbacho
61f7b2a723
Update to ranch 2.0
2021-03-08 23:11:05 +01:00
Michael Klishin
b6c4831e75
Bump Lager to 3.9.1
2021-03-04 04:36:39 +03:00
Loïc Hoguin
66ac1bf5e9
Bump observer_cli to 1.6.1
...
More responsive when the system is overloaded with file calls.
2021-03-01 21:55:27 +03:00
Michael Klishin
8fe3df9343
Upgrade Lager to 3.9.0 for OTP 24 compatibility
...
`lager_util:expand_path/1` use changes are
due to erlang-lager/lager#540
2021-02-26 00:52:15 +03:00
Michael Klishin
f73e851f9c
Bump observer_cli to 1.6.0
2021-02-24 12:53:55 +03:00
Michael Klishin
a5098b28a7
Bump Lager to 3.8.2 for OTP 24 compatibility
2021-02-24 12:53:30 +03:00
Michael Klishin
b2b37f5626
Merge pull request #2791 from Appva/feature/jwks
...
Support fetching JWT signing keys from JWKS endpoint
2021-02-23 09:48:25 +03:00
Michael Klishin
2a5ee5b407
Destructure in the function head
2021-02-22 17:14:04 +03:00
Michael Klishin
0d615080f2
Remove a clause that would never match
2021-02-22 17:12:44 +03:00
Michael Klishin
2273797d36
Bindings in Erlang use CamelCase
2021-02-22 17:07:47 +03:00
Michael Klishin
7a4b0783c8
cuttlefish:unvalid/1 expects a string
2021-02-22 17:01:43 +03:00
Michal Kuratczyk
53fc8ebbe0
Make the tests green
...
Fix the snippet and make it more thorough.
2021-02-22 13:35:30 +01:00
Michal Kuratczyk
c729e15112
WIP: cuttlefish support for oauth2 plugin
...
No support for symmetric key key options as this would make the
implementation much more complex and shouldn't really be used anyway.
WIP because while the code seems to work, tests fail.
2021-02-22 10:33:35 +01:00
Teo Klestrup Röijezon
543e8aa3a3
Enable jwks_http to run embedded without requiring a separate OTP application
2021-02-18 17:41:54 +01:00
Teo Klestrup Röijezon
68dd52e577
Move jwks_http modules into the test folder
2021-02-18 17:11:21 +01:00
Gabriele Santomaggio
742295583e
fix old link
2021-02-15 16:20:21 +01:00
Teo Klestrup Röijezon
91add59b9a
Document JWKS support
2021-02-05 12:01:38 +01:00
Teo Klestrup Röijezon
1a3d68be37
JWKS tests
2021-02-05 11:23:10 +01:00
Teo Klestrup Röijezon
480f7eaadf
Support fetching JWT signing keys from JWKS endpoint
2021-02-03 17:09:54 +01:00
Michael Klishin
4aa149b1b2
Bump JOSE dependency to 1.11
2021-02-01 21:30:51 +03:00
Arnaud Cogoluègnes
b921ac11a8
Merge pull request #2712 from rabbitmq/rabbitmq-stream-prometheus
...
Add stream prometheus plugin
2021-01-27 16:46:37 +01:00
Michael Klishin
52479099ec
Bump (c) year
2021-01-22 09:00:14 +03:00
Arnaud Cogoluègnes
bf72683eb2
Add stream prometheus plugin
2021-01-11 16:49:56 +01:00
Arnaud Cogoluègnes
23d7e8114c
Introduce stream management plugin
2020-11-19 14:48:25 +01:00
Jean-Sébastien Pédron
47686ee1f0
Remove unused .github directories
...
They were valid until the switch to the "monorepository" when everything
was merged into a single Git repository.
2020-11-17 13:33:16 +01:00
Arnaud Cogoluègnes
fb8e2be7df
Update rabbitmq-components.mk
2020-11-03 14:27:35 +01:00
Michael Klishin
9fca2b5db6
Update rabbitmq-components.mk
2020-10-21 12:55:31 +03:00
Michael Klishin
6993eb3cac
Merge pull request #51 from morsok/patch-1
...
[DOC] Add info about additional_rabbitmq_scopes
2020-10-08 15:17:37 +03:00
Simon
fdacaf9b92
Fix md linking error
2020-10-08 09:32:44 +02:00
Robert Gustafsson
57716223e0
Add support for using extra scopes standalone
...
This commit makes it possible to use additional sources of scopes in a token
standalone, without the need of combining them with existing ones.
2020-09-16 16:30:24 +02:00
Simon Alling
9b0e853799
Simplify post_process_payload_keycloak
2020-09-01 17:17:15 +02:00
Alexandre amiche
d966a66856
[DOC] Add info about additional_rabbitmq_scopes
2020-08-24 11:32:40 +02:00
Luke Bakken
d398ef9a12
Update rabbitmq-components.mk
2020-08-04 08:41:46 -07:00
Jean-Sébastien Pédron
7aabc7d397
Update rabbitmq-components.mk
2020-07-30 12:06:51 +02:00
Luke Bakken
ca5a1a5cf0
Update rabbitmq-components.mk
2020-07-29 10:02:02 -07:00
dcorbacho
9ffd10aa30
Update erlang.mk
2020-07-21 14:31:52 +01:00
Jean-Sébastien Pédron
97f6a61434
Update rabbitmq-components.mk
2020-07-21 12:07:56 +02:00
Michael Klishin
391115a570
Update rabbitmq-components.mk
2020-07-21 03:42:44 +03:00
dcorbacho
b471122e9b
Revert drop of Exhibit B on MPL 2.0
2020-07-20 16:57:22 +01:00
dcorbacho
2bf9d30638
Update LICENSE
2020-07-20 10:41:31 +01:00
Michael Klishin
3c8c33c438
Update MPL2 license file, drop Exhibit B
...
and add a VMware copyright notice.
We did not mean to make this code Incompatible with Secondary Licenses
as defined in [1].
1. https://www.mozilla.org/en-US/MPL/2.0/FAQ/
2020-07-17 14:53:04 +03:00
dcorbacho
f0d39cb4e2
Switch to Mozilla Public License 2.0 (MPL 2.0)
2020-07-10 20:27:35 +01:00
Jean-Sébastien Pédron
bf17f5de89
Update erlang.mk
2020-06-23 17:13:24 +02:00
Michael Klishin
474c0fc1b6
Bump Recon to 2.5.1
...
for Erlang 23 compatibility of 'rabbitmq-diagnostics observer'
References zhongwencool/observer_cli#68.
2020-06-09 08:22:12 +03:00
Michael Klishin
6ebf80174d
Update README.md
2020-05-19 21:08:43 +03:00
Michael Klishin
9776180291
Reword a confusing sentence
2020-05-19 21:03:54 +03:00
Michael Klishin
ab8df7c70c
Update README.md
2020-04-29 18:19:16 +03:00
Michael Klishin
a366fc49ec
Update README.md
2020-04-29 18:18:30 +03:00
Jean-Sébastien Pédron
7dcc11cdfd
Update copyright (year 2020)
2020-03-10 16:05:48 +01:00
Michael Klishin
d8b77afceb
Merge pull request #45 from rabbitmq/rsa_keys
...
Improve error messages for verification failures with RSA keys
2020-03-10 00:23:33 +03:00
Philip Kuryloski
28080e1e2c
Log authentication rejection messages
...
Normally when auth fails, we simply log that it failed for a given
username. Since the username is ignored with the auth mechanism,
this does not provide sufficient context for debugging config
errors.
2020-03-09 12:49:48 +01:00
Philip Kuryloski
37d9a2bf77
Add a docker based example of rsa_keys
...
Add a simpler way of demonstrating asymmetric keys, where only
docker is required.
2020-03-09 12:49:48 +01:00
Michael Klishin
2b2a7471f5
Bump jose to 1.10.1
...
Primarily to reduce confusion about its licensing.
jose has been MIT-licensed since Dec 2018.
2020-03-09 11:04:25 +03:00
Gerhard Lazu
197e077078
Update rabbitmq-components.mk
2020-03-06 09:19:13 +00:00
Gerhard Lazu
4f32940765
Update erlang.mk
2020-03-06 09:17:19 +00:00
Jean-Sébastien Pédron
65238638fc
Travis CI: Update config from rabbitmq-common
2020-03-04 14:24:27 +01:00
Jean-Sébastien Pédron
4cb2d24b0c
Travis CI: Update config from rabbitmq-common
2020-03-04 11:17:13 +01:00
Jean-Sébastien Pédron
4eb61c19f0
Travis CI: Update config from rabbitmq-common
2020-03-03 14:53:37 +01:00
Michael Klishin
8d4b3439f9
Avoid using erlang:get_stacktrace/0 for improved OTP 23/24 compat
2020-02-27 22:22:32 +03:00
Gerhard Lazu
0acac56586
Update rabbitmq-components.mk
2020-02-11 15:31:41 +00:00
Arnaud Cogoluègnes
80dfdc64df
Use {pem, <<PEM>>} style configuration for asymmetric keys sample
...
This avoids having to mention fields like "n" (modulus) and "e"
(exponent) which are difficult to extract from the public key and then
encode.
2020-01-15 15:35:04 +01:00
Michael Klishin
e4870b9c70
(c) bump
2019-12-29 05:50:24 +03:00
Jean-Sébastien Pédron
a58c3f5f48
Git: Ignore copied CLI
2019-12-12 13:24:26 +01:00
Jean-Sébastien Pédron
aef9207977
Update rabbitmq-components.mk
2019-12-12 13:14:52 +01:00
Anton Dalgren
c4789ac25a
Added missing comma in configuration example
2019-12-09 11:51:12 +01:00
Arnaud Cogoluègnes
e936e82292
Move up aud/scope binary to array conversion
...
This way scope is always an array which makes it easier for downstream
processing.
References #41
2019-12-05 14:26:17 +01:00
Arnaud Cogoluègnes
cb3fe65a07
Polish extra scopes source tests
...
Set up environment in init/end test functions, change some scopes in
test to make assertion more obvious.
References #41
2019-12-05 14:10:21 +01:00
Michael Klishin
d9073fba8d
Make this code less unorthodox, take 2
...
Also improves naming a bit.
2019-12-05 10:28:37 +03:00
Michael Klishin
7d2b069cbd
Make this code less unorthodox, take 1
2019-12-05 10:12:51 +03:00
Michal Papuga
9a230b0aeb
Resolve PR comments - rename variables.
2019-12-05 05:29:12 +01:00
Michal Papuga
3a04670a45
Implement support for gathering scopes from predefined JWT section and combine them with existing ones in post_process_payload () method. Create unit_SUITE and system_SUITE test cases.
2019-12-04 19:14:08 +01:00
Michael Klishin
1e0cb18279
Revert "Update rabbitmq-components.mk"
...
This reverts commit 157e9ce515.
We want to continue using Ra master on RabbitMQ master branches.
2019-10-30 12:03:53 +03:00
Michael Klishin
157e9ce515
Update rabbitmq-components.mk
2019-10-30 12:03:07 +03:00
kjnilsson
764725fe71
Update rabbitmq-components.mk
2019-09-13 10:24:14 +01:00
kjnilsson
60430d7a59
Update rabbitmq-components.mk
2019-09-04 10:30:52 +01:00
Michael Klishin
6c513b4a4e
Merge pull request #38 from rabbitmq/rabbitmq-auth-backend-oauth2-37-keycloak-support
...
Support Keycloak token format in post-processing
2019-08-22 08:20:49 +07:00
Michael Klishin
d4e3706937
Add management config settings to the symmetric key demo
2019-08-22 04:03:04 +03:00
Arnaud Cogoluègnes
f3405e46fa
Support Keycloak token format in post-processing
...
Scopes from the "authorization" field are extracted and replace the
value of the "scope" key in the parsed and processed token.
Fixes #37
2019-08-21 10:34:20 +02:00
Michael Klishin
9ea2c69588
Update rabbitmq-components.mk
2019-08-11 01:47:48 +10:00
Jean-Sébastien Pédron
420e482687
Update erlang.mk
2019-08-02 09:53:31 +02:00
Michael Klishin
838618de0c
Update rabbitmq-components.mk
2019-08-01 17:13:09 +03:00
Arnaud Cogoluègnes
16968e8c66
Remove unnecessary console output
2019-07-24 09:04:58 +02:00
Luke Bakken
f01f0fe023
Add GitHub templates
...
And LICENSE file.
Fixes #33
2019-07-18 14:28:41 -07:00
Michael Klishin
01e05dbb77
Add Code of Conduct and Contributing files
...
Standard for tier 1 RabbitMQ plugins.
References #33.
2019-07-18 17:05:42 +03:00
Arnaud Cogoluègnes
49f1b6b043
Support simple strings in aud and scope fields
...
Simple strings are supported, strings with spaces are split into arrays.
The strings are split upfront, the Erlang representation of the token
does not change, to avoid impacts in the code downstream.
Fixes #24
2019-07-12 09:45:02 +02:00
Michael Klishin
5f44635d05
uaa_jwt:get_jwk/1: return an error if there are no configured signing keys
...
Closes #30.
2019-07-10 18:52:59 +03:00
Arnaud Cogoluègnes
833bb4cec9
Deal with unused parameter
2019-07-10 15:47:57 +02:00
Arnaud Cogoluègnes
29b9b9152c
Add early plugin dependency to compile command
...
Otherwise make xref fails.
2019-07-10 15:42:03 +02:00
Arnaud Cogoluègnes
cb81b0748f
Remove extra parameters from output call
2019-07-10 15:12:48 +02:00
Arnaud Cogoluègnes
de859d0e72
Document tag support
...
For management plugin access. Add a tag to the super user in the demo.
2019-07-09 17:44:27 +02:00
Arnaud Cogoluègnes
c83efe4db5
Update rabbitmq-components.mk
2019-07-09 16:05:50 +02:00
Arnaud Cogoluègnes
ae8b61a8aa
Check token expiration on authentication
2019-07-02 15:27:13 +02:00
Michael Klishin
fdb4693083
Integration suite: don't attempt to close channels on a closing connection
2019-07-02 13:20:36 +02:00
Michael Klishin
16f7328986
Integration suite: correctly compute expiration
...
it should be in seconds.
2019-07-02 12:15:17 +02:00
Michael Klishin
d44e4bce59
Integration tests for JWT token/secret updates; improved error reporting
2019-07-01 21:20:57 +02:00
Michael Klishin
8a8bda0369
More OAuth 2 token refresh tests (WIP)
2019-07-01 16:48:53 +02:00
Arnaud Cogoluègnes
961b8d0c55
Merge branch 'master' into oauth2-credential-expiration-support
2019-07-01 11:43:38 +02:00
Arnaud Cogoluègnes
907624372d
Update rabbitmq-components.mk
2019-07-01 11:36:34 +02:00
Arnaud Cogoluègnes
d9a0ddd6bd
Update erlang.mk
2019-07-01 11:36:17 +02:00
Michael Klishin
369e4158c1
Assert on operations on both new and existing channels
...
Per suggestion from @acogoluegnes.
2019-06-29 00:28:05 +02:00
Michael Klishin
4a4f81c374
Token refresh integration tests
...
Depend on recent updates in the Erlang client.
2019-06-28 18:44:33 +02:00
Michael Klishin
e80c125f0b
Implement secret (token) update
2019-06-27 22:08:18 +02:00
Michael Klishin
975e2bf177
Extract a constant
2019-06-27 16:04:58 +02:00
Michael Klishin
7e0ebb0fb1
Extract a constant
2019-06-27 16:04:34 +02:00
Michael Klishin
810b583015
Wording
2019-06-27 16:04:21 +02:00
Michael Klishin
1bc504d297
Token/state renewal stub
2019-06-27 11:19:33 +02:00
Arnaud Cogoluègnes
4b25eda38a
Mention arguments to change token validity for client
...
In demo.
2019-06-19 09:49:21 +02:00
Arnaud Cogoluègnes
4f9a4f0ac2
Add protocol-specific context
...
Just an update of check_resource_access/3 to check_resource_access/4,
the OAuth has no use of protocol-specific data for now.
References rabbitmq/rabbitmq-server#1767
2019-06-04 14:50:59 +02:00
Arnaud Cogoluègnes
0e81115336
Update environment variable to configure uaa
...
CLOUD_FOUNDRY_CONFIG_PATH became CLOUDFOUNDRY_CONFIG_PATH in uaa 4.31.
2019-06-04 11:41:47 +02:00
Arnaud Cogoluègnes
001752d4ec
Install cf-uaac gem, not uaac
2019-06-04 11:05:24 +02:00
Spring Operator
8cb7b00642
URL Cleanup
...
This commit updates URLs to prefer the https protocol. Redirects are not followed to avoid accidentally expanding intentionally shortened URLs (i.e. if using a URL shortener).
# HTTP URLs that Could Not Be Fixed
These URLs were unable to be fixed. Please review them to see if they can be manually resolved.
* http://blog.listincomprehension.com/search/label/procket (200) with 1 occurrences could not be migrated:
([https](https://blog.listincomprehension.com/search/label/procket ) result ClosedChannelException).
* http://dozzie.jarowit.net/trac/wiki/TOML (200) with 1 occurrences could not be migrated:
([https](https://dozzie.jarowit.net/trac/wiki/TOML ) result SSLHandshakeException).
* http://dozzie.jarowit.net/trac/wiki/subproc (200) with 1 occurrences could not be migrated:
([https](https://dozzie.jarowit.net/trac/wiki/subproc ) result SSLHandshakeException).
* http://e2project.org (200) with 1 occurrences could not be migrated:
([https](https://e2project.org ) result AnnotatedConnectException).
* http://nitrogenproject.com/ (200) with 2 occurrences could not be migrated:
([https](https://nitrogenproject.com/ ) result ConnectTimeoutException).
* http://proper.softlab.ntua.gr (200) with 1 occurrences could not be migrated:
([https](https://proper.softlab.ntua.gr ) result SSLHandshakeException).
* http://yaws.hyber.org (200) with 1 occurrences could not be migrated:
([https](https://yaws.hyber.org ) result AnnotatedConnectException).
* http://choven.ca (503) with 1 occurrences could not be migrated:
([https](https://choven.ca ) result ConnectTimeoutException).
# Fixed URLs
## Fixed But Review Recommended
These URLs were fixed, but the https status was not OK. However, the https status was the same as the http request or http redirected to an https URL, so they were migrated. Your review is recommended.
* http://fixprotocol.org/ (301) with 1 occurrences migrated to:
https://fixtrading.org ([https](https://fixprotocol.org/ ) result SSLHandshakeException).
* http://erldb.org (UnknownHostException) with 1 occurrences migrated to:
https://erldb.org ([https](https://erldb.org ) result UnknownHostException).
## Fixed Success
These URLs were switched to an https URL with a 2xx status. While the status was successful, your review is still recommended.
* http://cloudi.org/ with 27 occurrences migrated to:
https://cloudi.org/ ([https](https://cloudi.org/ ) result 200).
* http://erlware.org/ with 1 occurrences migrated to:
https://erlware.org/ ([https](https://erlware.org/ ) result 200).
* http://inaka.github.io/cowboy-trails/ with 1 occurrences migrated to:
https://inaka.github.io/cowboy-trails/ ([https](https://inaka.github.io/cowboy-trails/ ) result 200).
* http://ninenines.eu with 6 occurrences migrated to:
https://ninenines.eu ([https](https://ninenines.eu ) result 200).
* http://www.actordb.com/ with 2 occurrences migrated to:
https://www.actordb.com/ ([https](https://www.actordb.com/ ) result 200).
* http://www.cs.kent.ac.uk/projects/wrangler/Home.html with 1 occurrences migrated to:
https://www.cs.kent.ac.uk/projects/wrangler/Home.html ([https](https://www.cs.kent.ac.uk/projects/wrangler/Home.html ) result 200).
* http://www.rabbitmq.com/access-control.html with 2 occurrences migrated to:
https://www.rabbitmq.com/access-control.html ([https](https://www.rabbitmq.com/access-control.html ) result 200).
* http://www.rabbitmq.com/configure.html with 1 occurrences migrated to:
https://www.rabbitmq.com/configure.html ([https](https://www.rabbitmq.com/configure.html ) result 200).
* http://www.rebar3.org with 1 occurrences migrated to:
https://www.rebar3.org ([https](https://www.rebar3.org ) result 200).
* http://inaka.github.com/apns4erl with 1 occurrences migrated to:
https://inaka.github.com/apns4erl ([https](https://inaka.github.com/apns4erl ) result 301).
* http://inaka.github.com/edis/ with 1 occurrences migrated to:
https://inaka.github.com/edis/ ([https](https://inaka.github.com/edis/ ) result 301).
* http://lasp-lang.org/ with 1 occurrences migrated to:
https://lasp-lang.org/ ([https](https://lasp-lang.org/ ) result 301).
* http://saleyn.github.com/erlexec with 1 occurrences migrated to:
https://saleyn.github.com/erlexec ([https](https://saleyn.github.com/erlexec ) result 301).
* http://www.mozilla.org/MPL/ with 6 occurrences migrated to:
https://www.mozilla.org/MPL/ ([https](https://www.mozilla.org/MPL/ ) result 301).
* http://zhongwencool.github.io/observer_cli with 1 occurrences migrated to:
https://zhongwencool.github.io/observer_cli ([https](https://zhongwencool.github.io/observer_cli ) result 301).
# Ignored
These URLs were intentionally ignored.
* http://localhost:8080/uaa/oauth/token with 1 occurrences
2019-03-20 03:11:57 -05:00
Michael Klishin
7764533d05
Sync erlang.mk from rabbitmq-common
2019-02-12 07:44:11 +03:00
Michael Klishin
a4b2dd775b
Sync rabbitmq-components.mk from rabbitmq-common
2019-02-12 07:43:54 +03:00
Josh Soref
40410e5c01
spelling: exactly
...
(cherry picked from commit f5af5a4cb42c90147849dcc2e2b3705248fdd801)
2019-02-12 07:42:14 +03:00
Josh Soref
414cff848a
spelling: following
...
(cherry picked from commit 9e9d347f5b59a21fd4f0c1a1c64ffc2fcf7481c2)
2019-02-12 07:41:41 +03:00
Luke Bakken
f23aa08e31
Since we install Erlang, use generic language
2018-08-01 07:49:53 -07:00
Luke Bakken
58d489fc09
Ignore elixir error
2018-08-01 07:47:43 -07:00
Luke Bakken
560a8cb99a
Add Travis CI build status to README.md
2018-08-01 07:43:40 -07:00
Luke Bakken
677cf48fba
Update Travis CI configuration
2018-08-01 07:42:42 -07:00
Michael Klishin
dfc9313717
Merge pull request #19 from rabbitmq/lrb-rename-uaa_jwt
...
Rename uaa_jwt app env setting to key_config
2018-08-01 03:12:18 +03:00
Luke Bakken
0e19df0ce4
Rename uaa_jwt app env setting to key_config
...
See this comment for context:
https://github.com/rabbitmq/rabbitmq-auth-backend-oauth2/pull/18#issuecomment-409016622
2018-07-31 15:51:20 -07:00
Arnaud Cogoluègnes
499d20a421
Fix typos in readme
2018-07-26 15:57:09 +02:00
Arnaud Cogoluègnes
3b61d8de4f
Fix typo
2018-07-25 16:33:09 +02:00
Luke Bakken
4a27ed2fdd
Add internal backend to symmetric_keys rmq config
2018-07-20 16:46:42 -07:00
Luke Bakken
30490995d9
Add missing rabbitmq_ct_client_helpers dependency needed by system_SUITE.erl
2018-07-20 15:29:15 -07:00
Luke Bakken
4bd726b5d4
uaa_jwt is no longer a separate application
...
In order for uaa_jwt settings to be populated by config files, they have to be part of a defined and running application. This PR adds support for a uaa_jwt sub-key of the main rabbitmq_auth_backend_oauth2 env key.
2018-07-20 15:25:09 -07:00
Luke Bakken
94238369b6
Auth backend module rename
2018-07-20 13:23:05 -07:00
Luke Bakken
613e35be64
Miscellaneous build and doc fixes
...
* Update erlang.mk to resolve S3 bucket issue
* Update README to indicate that tokens need to be in the password field when clients log in
2018-07-19 15:44:37 -07:00
Michael Klishin
9846147cfc
README edits and line ending conversion
2018-07-20 00:10:41 +03:00
Michael Klishin
f0178d7729
rabbitmq_auth_backend_uaa => rabbitmq_auth_backend_oauth2
...
"OAuth 2" is many things but it's still more descriptive, open-ended and easier
to find than "uaa" (too tool-specific) or "jwt" (too narrow, not known widely enough).
Per discussion with @hairyhum @kjnilsson.
2018-07-19 22:20:57 +03:00
Michael Klishin
5b002c5eab
Fold uaa_jwt into this plugin
...
Per discussion with @hairyhum.
2018-07-19 19:22:47 +03:00
Michael Klishin
f582760664
Add a missing \ to the seed script
2018-07-19 17:57:14 +03:00
Michael Klishin
6618c21b1f
More integration tests
...
[#158782152]
[#158782156]
2018-07-19 14:40:18 +03:00
Michael Klishin
2d52dda042
More integration tests
...
[#158782152]
[#158782156]
2018-07-18 18:25:10 +03:00
Michael Klishin
821f54c92a
More integration tests
...
[#158782152]
[#158782156]
2018-07-18 18:15:50 +03:00
Michael Klishin
8cc9e4f628
Initial integration tests
...
[#158782152]
[#158782156]
2018-07-18 02:34:23 +03:00
Michael Klishin
e3856ffa91
Include tag tests in more cases
...
[#158782152]
[#158782156]
2018-07-11 02:58:51 +03:00
Michael Klishin
37366191f2
Extract tags from the provided JWT token
...
Pair: @acogoluegnes.
[#158782152]
[#158782156]
2018-07-09 18:26:53 +03:00
Michael Klishin
3ed9d7eeb0
[Re]add tag authorities to the seed script
...
This is the same change as in b183a88cb6 except it doesn't unintentionally limit the audience ("aud" field) of generated access tokens.
N.B. that commas are treated as separators on the client authority list,
so our original convention for tags, e.g. "rabbitmq.tags:management,policymaker",
won't work with UAA.
[#158782152]
[#158782156]
2018-07-09 09:07:33 +03:00
Michael Klishin
fcb7a0f9b7
Set access token validity to 24 hours
2018-07-09 08:59:18 +03:00
Michael Klishin
ae15545881
Revert "Add tag authorities to the seed script"
...
This reverts commit b183a88cb6.
2018-07-09 08:51:34 +03:00
Michael Klishin
ff5fdc0829
Logging, naming
...
[#158782152]
[#158782156]
2018-07-09 08:51:08 +03:00
Michael Klishin
915c45390c
Adopt uaa_jwt:client/2 and uaa_jwt:sub/2
...
[#158782152]
[#158782156]
2018-07-09 07:20:57 +03:00
Michael Klishin
b183a88cb6
Add tag authorities to the seed script
...
N.B. that commas are treated as separators on the client authority list,
so our original convention for tags, e.g. "rabbitmq.tags:management,policymaker",
won't work with UAA.
[#158782152]
[#158782156]
2018-07-09 05:46:05 +03:00
Michael Klishin
e5c84c31fa
Pass decoded token so that effective username is computed from it
...
[#158782152]
[#158782156]
2018-07-06 17:35:34 +03:00
Michael Klishin
cb4dfba58a
Expect access token in the password field
...
We cannot pass access tokens in the username since
those are logged and displayed by operator tools.
Per discussion with @acogoluegnes.
[#158782152]
[#158782156]
2018-07-05 19:50:12 +03:00
Michael Klishin
54bf34d9c7
Wording
...
[#158782152]
[#158782156]
2018-07-03 20:02:48 +03:00
Michael Klishin
435d5c7690
Split the unsuccessful authorization test into 3
...
[#158782152]
[#158782156]
2018-07-03 20:02:33 +03:00
Michael Klishin
c4269275db
Convert all suites to use EUnit matchers
...
[#158782152]
[#158782156]
2018-07-03 17:55:40 +03:00
Michael Klishin
7a758a2ece
More test massaging, remove debug logging
...
[#158782152]
[#158782156]
2018-07-03 16:27:58 +03:00
Michael Klishin
4cc2cfef89
Split and simplify unit tests; naming
2018-07-03 02:15:51 +03:00
Michael Klishin
085c7e6c71
Sync rabbitmq-components.mk, drop Elixir build system bits
2018-07-03 02:15:43 +03:00
Michael Klishin
2466897b3c
Add a seed script for development
...
[#157964874]
2018-07-02 22:01:12 +03:00
Daniil Fedotov
7cf71b01a6
Better errors when validating the decoded token
2018-06-25 15:51:29 +01:00
Daniil Fedotov
e69d894462
Fix demo script. Add rabbit_client client to request token.
2018-06-25 15:29:12 +01:00
Daniil Fedotov
dbdf2c0e13
Use master branch of uaa_jwt
2018-06-25 10:35:35 +01:00
Daniil Fedotov
032be9763b
Use erlang version of uaa_jwt and jose
2018-06-21 17:07:35 +01:00
Michael Klishin
d8e8819a06
Cosmetics
2017-09-29 17:27:32 +03:00
Michael Klishin
f9d0f202df
Ditto
2017-09-29 16:18:00 +03:00
Michael Klishin
43eccbbac9
Use a standard algo name here
2017-09-29 16:17:16 +03:00
Michael Klishin
346caf6c8a
Make sure "superuser" information is output last
...
It is more likely that the user won't read any of the output and
will copy the last token printed.
2017-09-29 15:53:26 +03:00
Michael Klishin
445d35860b
Make sure demo/setup.sh doesn't stop on subsequent runs
2017-09-29 15:44:33 +03:00
Michael Klishin
a45c1126bd
README edits
2017-09-29 14:49:33 +03:00
Michael Klishin
3c2f056306
Use HTTP to talk to the local UAA
...
It's sufficient for the purposes of this demo script.
2017-09-28 15:16:28 +03:00
Michael Klishin
298cc94c0d
Make demo/setup.sh executable
2017-09-28 14:58:12 +03:00
Daniil Fedotov
cdb142e68a
UAA configuration demo
2017-09-21 09:42:40 +01:00
Daniil Fedotov
3ee9e3f218
Correct pem_file key type
2017-09-20 16:44:01 +01:00
Daniil Fedotov
973ef5ccef
Add support for pem public key
2017-09-20 16:40:56 +01:00
Michael Klishin
e645ac65e3
Update rabbitmq-components.mk
2017-09-15 12:13:50 -06:00
Daniil Fedotov
b56089f24b
Update readme to mention RabbitMQ version requirement.
2017-09-15 17:44:50 +01:00
Daniil Fedotov
b21d8c63c6
Update erlang.mk
2017-08-30 19:35:00 +01:00
Michael Klishin
df624ffcfa
Update README.md
2017-07-17 20:19:31 +03:00
Michael Klishin
10ffe94340
Merge branch 'stable'
2017-06-29 23:34:11 +03:00
Michael Klishin
2dac3f3a5b
Sync rabbitmq-components.mk with common
2017-06-29 23:29:23 +03:00
Jean-Sébastien Pédron
a3be807c50
Makefile: Use GNU Make functions to set `$(MIX_ERL_LIBS)`
...
This gives a consistent result, as opposed to the shell-based variant
which produces a value which depends on the existing dependencies.
This change plus the new Makefile in `uaa_jwt` make sure that `uaa_jwt`
is found by Erlang, in particular in the testsuite.
2017-02-21 18:02:06 +01:00
Daniil Fedotov
560dde1bb2
Scope examples in README
2017-02-17 11:34:57 +00:00
Daniil Fedotov
5fdfda0846
Improve tests
2017-02-17 11:33:08 +00:00
kjnilsson
b0eaa66f9d
README clarifications
2017-02-17 10:05:54 +00:00
kjnilsson
b90da412e9
Add cowlib to DEPS
2017-02-17 09:33:30 +00:00
Daniil Fedotov
540f3452c9
Handle json parsing error
2017-02-16 15:58:39 +00:00
Daniil Fedotov
7b421e6ae1
Return error instead of error_message to comply with authz_backend API
2017-02-08 16:32:59 +00:00
Daniil Fedotov
c71c3eb292
Test token expiration
2017-02-03 13:01:24 +00:00
Daniil Fedotov
612c9eeacf
Do not decode token every time permission is checked.
...
Decoded token is saved to `impl`.
When permission is checked, the `exp` field of the token
is compared to system_time and if the token is expired
`{error_message, "Token expired"}` is returned.
2017-02-02 18:31:01 +00:00
Daniil Fedotov
24551ef095
Test default key support
2017-02-02 13:09:53 +00:00
Daniil Fedotov
a07b4485e6
Test key validation when adding via cli command
2017-02-02 12:25:38 +00:00
Daniil Fedotov
78bb2044fb
Test command validation
2017-02-02 11:29:25 +00:00
Daniil Fedotov
df197ad5b9
Command to add UAA signing keys
2017-02-01 17:15:10 +00:00
Jean-Sébastien Pédron
e7222ed218
Makefile: amqp_client is not needed, remove it from DEPS
2017-01-31 17:15:35 +01:00
Jean-Sébastien Pédron
2758f3f01a
Remove build.config; we use a vanilla erlang.mk
2017-01-31 17:15:01 +01:00
Jean-Sébastien Pédron
b7a4e4daec
Makefile: Add rabbit_common to BUILD_DEPS
...
It's required for the Erlang.mk plugins.
2017-01-31 12:23:33 +01:00
Jean-Sébastien Pédron
16c3866d7a
Makefile: Do not depend twice on `rabbit`
...
[#136341089]
2017-01-31 11:21:59 +01:00
Daniil Fedotov
afb59ddc20
Fix test to represent Jwt decoded extended scope permissions
2017-01-27 11:48:35 +00:00
Daniil Fedotov
759d66263b
Decode and verify UAA JWT tokens without connecting to UAA server
...
Fixes #3
Uses rabbitmq/uaa_jwt library to decode a token and verify signature.
Signing keys should be predefined in the uaa_jwt application environment
2017-01-27 11:32:14 +00:00
Michael Klishin
d696050da3
Wording, grammar
2017-01-27 01:57:30 +03:00
Michael Klishin
42e401e900
invalid_resource_authorization => resource_server_authentication_failed
...
HTTP 401 response can indicate an authorization failure as well
but let's assume authentication failures will be more common in this
specific case.
2017-01-27 01:51:48 +03:00
Michael Klishin
88ac9518e2
Wording
2017-01-27 01:47:05 +03:00
Michael Klishin
0e595fe48f
Wording
2017-01-27 01:39:25 +03:00
Michael Klishin
269a2729e0
This example doesn't actually seem to be case insensitive
2017-01-27 01:34:53 +03:00
Michael Klishin
ff88614186
Wording
2017-01-27 01:34:47 +03:00
Daniil Fedotov
a53e4d3cb9
Support topic authorization
2017-01-24 17:26:59 +00:00
Daniil Fedotov
11cf835d80
Readme for new scopes format
2016-12-20 14:55:53 +00:00