rabbitmq-server
rabbitmq-server copied to clipboard
rabbitmq
Support virtual host as a path variable
Currently, this plugin supports GET and POST HTTP methods.
For GET requests, vhost is a part of query params like so:
{user_path, "https://ahost1:8080/auth/user?vhost=vhost01&username=user01&password=1234"}
{vhost_path, "https://ahost1:8080/auth/vhost?vhost=vhost01&username=user01}
For POST requests, vhost is a part of request payload. We want support for vhost as a path parameter in both methods.
Something like this:
{user_path, "https://ahost1:8080/auth/user/{vhost}"}
{vhost_path, "https://ahost1:8080/auth/vhost/{vhost}"}
So that we are able to define a URL/path based routing rule in application gateways and httpd servers.
As vhost is a specific resource, then can it be a URL path parameter. Previously discussed in rabbitmq/rabbitmq-auth-backend-http#96.
The {vhost} path variable could be in every endpoint (user_path, vhost_path, resource_path, and topic_path)?
Note the virtual host is not available in the user_path call, so it won't be possible to have it as a path variable for this specific URI. Does that make sense?
@acogoluegnes Yes {vhost} path variable should in every endpoint.
Also, We have observed vhost comes as kind of optional query param in user_path call as well. I checked and it sends vhost value as well like when a authentication call is from web_mqtt plugin. My current service signature for user_path backend has a vhost param :
public ResponseEntity<?> user(@RequestParam("username") String username,
@RequestParam("password") String password,@RequestParam(value="vhost",required = false) String vhost)
The virtual host is propagated for protocols like STOMP and MQTT, but not for AMQP. Let me see if there's something we can do about it.
user_path is an authentication endpoint. Why would anyone need a virtual host as an argument there?
The virtual host cannot be propagated to user_path for AMQP connections. The fact it's propagated for protocols like STOMP and MQTT is just a lucky circumstance.
Agreed for user_path @michaelklishin @acogoluegnes
Would need {vhost} in services other than user_path. Still if optionally mqtt & stomp can propagate no harm for us i guess :)
Yes, the propagation should not change, it's just the {vhost} replacement won't be available for user_path for AMQP connections.
@acogoluegnes Hey Arnaud, what is the process now to achieve this change?
We'll add this task to our backlog. We provide no ETA. A PR is always welcome and will be reviewed.
OK @acogoluegnes . How would you suggest us doing this change? your guidance will help :)
@devansharora68 LDAP is one implementation of the authZ interface that supports variables (and here are the end user docs). rabbit_auth_backend_http is the module that implements it in this plugin.
@devansharora68 are you still interested on this feature? or can we close it?
To implement it, we suggest adding a new setting where you can configure which variables should be propagated as query parameters, when using POST method. Any variable supported by the endpoint, except username, would be supported.
Will this work for you? or do you really need vhost in the path rather than as query parameter? cannot your proxy use query parameters instead of path to make routing decisions?
