Commit Graph

325 Commits

Author SHA1 Message Date
Marcial Rosales 51e27f8a3f Fix issue #6909
Use the outcome from first authentication
stored in the #user.authz_backends to authenticate
subsequent attempts which occur when a session is
opened.
In particular, during the first authentication attempt
which occurs during the sasl handshake, the amqp 1.0
plugin reads and validates the JWT token present in the
password field.
When a new AMQP 1.0 session is opened, the plugin creates
an internal AMQP connection which triggers a second/nth
authentication. For this second/nth authentication, the
plugin propagates as Authentication Credentials the outcome
from the first authentication which is stored in the
`#user.authz_backends`.
The Oauth2 backend first attempts to authenticate using
the password credentials else it uses the credential with the
key `rabbit_auth_backend_oauth2` which has a function which
returns the decoded token
2023-01-31 11:45:59 +01:00
Rin Kuryloski b84e746ee9 Rework plt/dialyze for rabbitmqctl and plugins that depend on it
This allows us to stop ignoring undefined callback warnings

When mix compiles rabbitmqctl, it produces a 'consolidated' directory
alongside the 'ebin' dir. Some of the modules in consolidated are
intended to be used instead of those provided by elixir. We now handle
the conflicts properly in the bazel build.
2023-01-19 17:29:23 +01:00
Alexey Lebedeff 8164df8bb2 Fix all dialyzer warnings in auth backends 2023-01-19 16:01:30 +01:00
Rin Kuryloski 5ef8923462 Avoid the need to pass package name to rabbitmq_integration_suite 2023-01-18 15:25:27 +01:00
Rin Kuryloski a317b30807 Use improved assert_suites2 macro from rules_erlang 3.9.0 2023-01-18 15:07:06 +01:00
Marcial Rosales 9fca4a7446
Improve coverage 2023-01-03 07:09:02 -05:00
Marcial Rosales 9354397cbf
Support Idp initiated logon in mgt ui with Oauth
Configure preferred username from a token
Make client_secret optional
2023-01-03 07:09:00 -05:00
Michael Klishin 0a8dd19434
Cosmetics
(cherry picked from commit 042725d8364bac3fed40df4dcdb534728dd56576)
2023-01-02 07:15:58 -05:00
Michael Klishin ec4f1dba7d
(c) year bump: 2022 => 2023 2023-01-01 23:17:36 -05:00
Simon Unge 09d84e6bd5 See #4842. Obfuscate impl value 2022-11-09 15:14:51 -08:00
Luke Bakken 7fe159edef
Yolo-replace format strings
Replaces `~s` and `~p` with their unicode-friendly counterparts.

```
git ls-files *.erl | xargs sed -i.ORIG -e 's/~s\>/~ts/g' -e 's/~p\>/~tp/g'
```
2022-10-10 10:32:03 +04:00
Michael Klishin a9b72877f5 Bump deps: michaelklishin/erlang-jose and Thoas 2022-08-29 15:28:37 +04:00
Michael Klishin b14eee13b5 OAuth 2: rename a function 2022-08-23 14:30:03 +04:00
Michael Klishin 21e98f8b13 OAuth 2: unit_SUITE naming and wording 2022-08-23 13:20:01 +04:00
Michael Klishin 877f03082a
OAuth 2: use a separate system suite group for RAR 2022-08-23 12:59:59 +04:00
Marcial Rosales d321a30198
README edits
Make it clear that the first sample location grants
access to any queue and/or exchange on the selected
vhost and cluster
2022-08-22 16:16:16 +04:00
Michael Klishin 5629a7ccbb
OAuth 2 README: add a missing link 2022-08-22 16:16:16 +04:00
Michael Klishin 4134bbacfc
OAuth 2: edits per discussion with @marcialrosales 2022-08-22 16:16:16 +04:00
Michael Klishin 3a09139635
OAuth 2: more RAR doc edits 2022-08-22 16:16:15 +04:00
Michael Klishin 207162d535
OAuth 2: one more RAR doc edit 2022-08-22 16:16:15 +04:00
Michael Klishin 083abe52b7
OAuth 2 Cuttlefish schema: cosmetics 2022-08-22 16:16:15 +04:00
Michael Klishin 382c7f092b
OAuth 2: README edits 2022-08-22 16:16:15 +04:00
Michael Klishin 32242a5c7a
OAuth 2: README edits 2022-08-22 16:16:15 +04:00
Michael Klishin efc2878bdb
README edits 2022-08-22 16:16:15 +04:00
Marcial Rosales 3112fa962e
Update documentation 2022-08-22 16:16:14 +04:00
Marcial Rosales be36f91fb0
Update docs 2022-08-22 16:16:14 +04:00
Marcial Rosales 39fbeea628
Use user-tags without prefix tag: as action name 2022-08-22 16:16:14 +04:00
Marcial Rosales 8ee81896cf
Add missing test cases 2022-08-22 16:16:14 +04:00
Marcial Rosales 29b97e085b
Test single value for locations and actions 2022-08-22 16:16:14 +04:00
Marcial Rosales 9562ea53bc
Correct mistake in the translation example 2022-08-22 16:16:14 +04:00
Marcial Rosales 3dbb438f5a
Improve readability 2022-08-22 16:16:14 +04:00
Marcial Rosales 38e83ac8d4
Explain how permissions are translated to scopes 2022-08-22 16:16:13 +04:00
Marcial Rosales fa77f93448
Explain how the permissions translate to scopes 2022-08-22 16:16:13 +04:00
Marcial Rosales eb3f894d25
Update docs 2022-08-22 16:16:13 +04:00
Marcial Rosales 4be9bdbc08
Use wildcard library rather than re
for cluster, vhost, queue, exchange,
and routing-key patterns
2022-08-22 16:16:13 +04:00
Marcial Rosales 7cea128a48
Allow regular expression in location's cluster field 2022-08-22 16:16:13 +04:00
Marcial Rosales 4505fbd1dd
Remove print statement 2022-08-22 16:16:13 +04:00
Marcial Rosales d83401aaf1
Fix issue where the cluster was wrongly matched
It looks like it was matching any cluster which started
with the value in resource_server_id rather than the
exact value
2022-08-22 16:16:13 +04:00
Marcial Rosales a9d069e762
Make aud field optional 2022-08-22 16:16:12 +04:00
Marcial Rosales d69781a7ef
Support rich authorization request spec 2022-08-22 16:16:11 +04:00
Rin Kuryloski 575c5f9975 Remove all of the .travis.yml files
since we no longer use them
2022-08-16 09:46:31 +02:00
Michael Klishin 8f779ce461
Avoid direct references to jsx
and remove an unused Honeycomb Common Test helper module
we ended up not using.

Discovered when spiking a JSON library switch to Thoas.

Pair: @pjk25
2022-07-25 19:34:51 +04:00
Philip Kuryloski a250a533a4 Remove elixir related -ignore_xref calls
As they are no longer necessary with xref2 and the erlang.mk updates
2022-06-09 23:18:40 +02:00
Philip Kuryloski 15a79466b1 Use the new xref2 macro from rules_erlang
That adopts the modern erlang.mk xref behaviour
2022-06-09 23:18:28 +02:00
Philip Kuryloski 327f075d57 Make rabbitmq-server work with rules_erlang 3
Also rework elixir dependency handling, so we no longer rely on mix to
fetch the rabbitmq_cli deps

Also:

- Specify ra version with a commit rather than a branch
- Fixup compilation options for erlang 23
- Add missing ra reference in MODULE.bazel
- Add missing flag in oci.yaml
- Reduce bazel rbe jobs to try to save memory
- Use bazel built erlang for erlang git master tests
- Use the same cache for all the workflows but windows
- Avoid using `mix local.hex --force` in elixir rules
  - Fetching seems blocked in CI, and this should reduce hex api usage in
    all builds, which is always nice
- Remove xref and dialyze tags since rules_erlang 3 includes them in
  the defaults
2022-06-08 14:04:53 +02:00
Loïc Hoguin dc70cbf281
Update Erlang.mk and switch to new xref code 2022-05-31 13:51:12 +02:00
Péter Gömöri 52cb5796a3 Remove leftover compiler option for get_stacktrace 2022-05-03 18:40:49 +02:00
Michael Klishin c6de0fd155
Remove a stray ct:pal/2 call in production code
References #4588, #4666
2022-04-29 16:01:00 +04:00
Michael Klishin 38c5683377
OAuth 2: more tests in follow-up to #4588 2022-04-27 21:51:16 +04:00
Michael Klishin ca290f1116
OAuth 2: expand all scope aliases provided
Per discussion with @MarcialRosales.

In follow-up to #4588.
2022-04-27 21:21:40 +04:00