oslo.messaging

AMQP 1.0 driver does not support authentication

Bug #1385445 reported by Ken Giusti
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
oslo.messaging
Fix Released
Undecided
Ken Giusti
oslo.messaging 1.5.0

Bug Description

A TransportURL allows user credentials to be passed to the broker via the URL. For example:

qpid://user:<email address hidden>:5672

will authenticate the connecting client using the username 'user' and password 'password' from the URL string.

This feature is not supported by the AMQP 1.0 driver. Example:

./my-server.py --url amqp://guest:guest@192.168.122.54 Server01
Running server, name=Server01 exchange=my-exchange topic=my-topic namespace=my-namespace
WARNING:oslo.messaging._drivers.protocols.amqp.driver:Support for the 'amqp' transport is EXPERIMENTAL.
Using QPID topology version 2
INFO:oslo.messaging._drivers.protocols.amqp.controller:Messaging is active (192.168.122.54:5672)

ERROR:oslo.messaging._drivers.protocols.amqp.controller:Reply subscription closed by peer: Condition('amqp:unauthorized-access', 'ACL denied access request to container-60b5c2bb694d4fbba20855a5b87a8014_replies from anonymous@QPID (/builddir/build/BUILD/qpid-0.26/cpp/src/qpid/broker/amqp/Authorise.cpp:144)')

ERROR:oslo.messaging._drivers.protocols.amqp.controller:Server subscription exclusive.my-exchange.my-topic.Server01 closed by peer: Condition('amqp:unauthorized-access', 'ACL denied access request to exclusive.my-exchange.my-topic.Server01 from anonymous@QPID (/builddir/build/BUILD/qpid-0.26/cpp/src/qpid/broker/amqp/Authorise.cpp:144)')

Ken Giusti (kgiusti)
Changed in oslo.messaging:
assignee: nobody → Ken Giusti (kgiusti)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to oslo.messaging (master)

Fix proposed to branch: master
Review: https://review.openstack.org/132286

Changed in oslo.messaging:
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to oslo.messaging (master)

Reviewed: https://review.openstack.org/132286
Committed: https://git.openstack.org/cgit/openstack/oslo.messaging/commit/?id=f43fe66be05cbad316a835f3308188515a93b6eb
Submitter: Jenkins
Branch: master

commit f43fe66be05cbad316a835f3308188515a93b6eb
Author: Kenneth Giusti <email address hidden>
Date: Wed Oct 29 17:39:40 2014 -0400

    Enable user authentication in the AMQP 1.0 driver

    The TransportHost class allows user credentials to be supplied as part
    of the URL that identifies the host. Prior to this patch, these
    credentials - username and password - were ignored by the AMQP 1.0
    driver. This prevents connections to a message broker that has been
    configured to use SASL PLAIN authentication.

    Closes-Bug: #1385445
    Change-Id: Ib9279ed40b0f4cff62e1c742069c8f49f5625659

Changed in oslo.messaging:
status: In Progress → Fix Committed
Mehdi Abaakouk (sileht)
Changed in oslo.messaging:
milestone: none → 1.5.0
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.