Skip to content

By @aaron-seo: Adds a new auth backend that only accepts loopback connections #13795

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 4 commits into from
Closed

By @aaron-seo: Adds a new auth backend that only accepts loopback connections #13795

wants to merge 4 commits into from

Conversation

michaelklishin
Copy link
Collaborator

This is #13767 by @aaron-seo.

aaron-seo added 4 commits April 9, 2025 12:53
@aaron-seo
Adds rabbit_auth_backend_internal_loopback
6d24aef 
This auth backend behaves the same as the internal backend provided in
the core broker, but it only accepts loopback connections. External
connection attempts will receive an error.
@aaron-seo
Fix doc typo for internal_loopback auth backend
803cd39
@aaron-seo
Add test suite for rabbitmq_auth_backend_internal_loopback
614ce25
@aaron-seo
Fallback to original implementation of plain auth_mechanism if socket…
3bcdc0f 
… is not provided
@michaelklishin michaelklishin changed the title Rabbitmq server 13767 By @aaron-seo: Adds a new auth backend that only accepts loopback connections Apr 24, 2025
@mergify Mergify
Copy link

mergify bot commented Apr 24, 2025

⚠️ The sha of the head commit of this PR conflicts with #13767. Mergify cannot evaluate rules on this PR. ⚠️

@michaelklishin
Copy link
Collaborator Author

@aaron-seo so the only failure there is is a Selenium suite but it does seem to be directly related.

@MarcialRosales is there anything that would immediately stand out to you?

@michaelklishin michaelklishin mentioned this pull request Apr 25, 2025
Closed
12 tasks
@MarcialRosales
Copy link
Contributor

MarcialRosales commented Apr 25, 2025
edited
Loading

When I run one of the failing selenium tests I capture the following stack trace in the logs. I can consistently reproduce this issue. If I run it from main it works fine:

2025-04-25 11:38:32.743764+02:00 [debug] <0.1229.0> [{rabbit_http_util,quote_plus,
2025-04-25 11:38:32.743764+02:00 [debug] <0.1229.0>                    [#Port<0.5439>,[]],
2025-04-25 11:38:32.743764+02:00 [debug] <0.1229.0>                    [{file,"rabbit_http_util.erl"},{line,136}]},
2025-04-25 11:38:32.743764+02:00 [debug] <0.1229.0>  {rabbit_auth_backend_http,escape,2,
2025-04-25 11:38:32.743764+02:00 [debug] <0.1229.0>                            [{file,"rabbit_auth_backend_http.erl"},{line,236}]},
2025-04-25 11:38:32.743764+02:00 [debug] <0.1229.0>  {rabbit_auth_backend_http,'-q/1-lc$^0/1-0-',1,
2025-04-25 11:38:32.743764+02:00 [debug] <0.1229.0>                            [{file,"rabbit_auth_backend_http.erl"},{line,230}]},
2025-04-25 11:38:32.743764+02:00 [debug] <0.1229.0>  {rabbit_auth_backend_http,'-q/1-lc$^0/1-0-',1,
2025-04-25 11:38:32.743764+02:00 [debug] <0.1229.0>                            [{file,"rabbit_auth_backend_http.erl"},{line,230}]},
2025-04-25 11:38:32.743764+02:00 [debug] <0.1229.0>  {rabbit_auth_backend_http,q,1,
2025-04-25 11:38:32.743764+02:00 [debug] <0.1229.0>                            [{file,"rabbit_auth_backend_http.erl"},{line,230}]},
2025-04-25 11:38:32.743764+02:00 [debug] <0.1229.0>  {rabbit_auth_backend_http,user_login_authentication,2,
2025-04-25 11:38:32.743764+02:00 [debug] <0.1229.0>                            [{file,"rabbit_auth_backend_http.erl"},{line,36}]},
2025-04-25 11:38:32.743764+02:00 [debug] <0.1229.0>  {rabbit_auth_backend_cache,with_cache,3,
2025-04-25 11:38:32.743764+02:00 [debug] <0.1229.0>                             [{file,"rabbit_auth_backend_cache.erl"},
2025-04-25 11:38:32.743764+02:00 [debug] <0.1229.0>                              {line,90}]},
2025-04-25 11:38:32.743764+02:00 [debug] <0.1229.0>  {rabbit_access_control,try_authenticate,3,
2025-04-25 11:38:32.743764+02:00 [debug] <0.1229.0>                         [{file,"rabbit_access_control.erl"},{line,95}]}]

@aaron-seo To run the test locally and from source you can follow these instructions:

  1. From a terminal, launch rabbitmq for the suite that is failing, for instance: suites/authnz-messaging/auth-cache-http-backends.sh
cd selenium
suites/authnz-messaging/auth-cache-http-backends.sh start-rabbitmq

This command starts up RabbitMQ using gmake and configured for the test suite

  1. From another terminal, run these commands. npm install is required the fist time you run the tests. start-others runs any component the test suite depends on. This suite, in particular, needs a mock http backend. It is launched as a docker container and in the background.
cd selenium
npm install
suites/authnz-messaging/auth-cache-http-backends.sh start-others
suites/authnz-messaging/auth-cache-http-backends.sh test
  1. Go to the logs of RabbitMQ

If you do not want to run it from source but directly against a RabbitMQ docker image, all you need to do is run this command (this is explained here):

cd selenium
RABBITMQ_DOCKER_IMAGE=<docker_image:tag> suites/authnz-messaging/auth-cache-http-backends.sh

@michaelklishin
Copy link
Collaborator Author

OK, it had nothing to do with any permissions, so let's close this one and continue in the original PR by @aaron-seo.

@lukebakken lukebakken deleted the rabbitmq-server-13767 branch April 25, 2025 16:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@michaelklishin @MarcialRosales @aaron-seo