How to specify authentication mechanism

Question

How to specify authentication mechanism

uqix opened this issue 3 years ago · 8 comments

The server is configured with tls enabled, then try to publish:

echo hello | ./rabtap pub --uri=amqps://admin:secret@some.server:30047/ --exchange=amq.direct --routingkey=test \
                      --tls-ca-file=... \
                      --tls-cert-file=... \
                      --tls-key-file=...

error:

ERROR[0000] session: cannot (re-)dial: Exception (403) Reason: "SASL could not negotiate a shared mechanism": "amqps://admin:secret@some.server:30047/" 
ERROR[0000] publish: session factory closed

Answer 1 · 2022-05-27T11:09:48.000Z

When using mTLS, it is not possible to also specify credentials in the RabbitMQ connection string (admin:secret). You can test rabtap with mTLS locally with the provided integration test:

First create keys and certificates:

$ cd inttest/pki
$ ./mkcerts.sh

Then start RabbitMQ with mTLS configured:

$ cd ../rabbitmq
$ docker-compose up

In a second terminal no try the following:

$ cd inttest/pki/certs
$ echo hello | rabtap --uri amqps://localhost:5671 pub --exchange amq.fanout \
                                  --tls-key-file testuser.key \
                                  --tls-cert-file testuser.crt \
                                  --tls-ca-file ca.crt

Answer 2 · 2022-05-31T10:09:54.000Z

@uqix could you try connecting as desribed?

Answer 3 · 2022-06-01T02:49:17.000Z

We need mTLS(not EXTERNAL auth mechanism) and username/password(PLAIN) at the same time

Answer 4 · 2022-06-02T08:23:13.000Z

Ok, I can reproduce the problem. In order to get the error, the RabbitMQ configuration needs to something like

auth_mechanisms.1 = PLAIN       <======
#auth_mechanisms.2 = EXTERNAL

listeners.ssl.default = 5671
ssl_options.cacertfile = /certs/ca.crt
ssl_options.certfile   = /certs/server.crt
ssl_options.keyfile    = /certs/server.key
ssl_options.verify     = verify_peer   <====
ssl_options.fail_if_no_peer_cert = true   <====

I'll see how to fix that

Answer 5 · 2022-06-05T19:31:32.000Z

@uqix I've change authentication so that explicitly provided credentials will always be used with PLAIN auth. You can install the version with (will be installed in $GOPATH/bin/go):

$ go install github.com/jandelgado/rabtap/cmd/rabtap@998ec440860d8daf21c7656ae94c443bb50ca358

Does it solve your problen?

Answer 6 · 2022-06-07T01:23:40.000Z

I'm not a go developer, help needed here:

brew install go 
go install github.com/jandelgado/rabtap/cmd/rabtap@998ec440860d8daf21c7656ae94c443bb50ca358

error log:

go: downloading github.com/jandelgado/rabtap v0.0.0-20220605192011-998ec440860d
go: downloading github.com/Knetic/govaluate v0.0.0-20171022003610-9aa49832a739
go: downloading github.com/fatih/color v1.7.0
go: downloading github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815
go: downloading github.com/mattn/go-colorable v0.1.1
go: downloading github.com/rabbitmq/amqp091-go v1.3.4
go: downloading github.com/sirupsen/logrus v1.3.0
go: downloading golang.org/x/sync v0.0.0-20190423024810-112230192c58
go: downloading github.com/google/uuid v1.1.1
go: downloading golang.org/x/net v0.0.0-20190620200207-3b0461eec859
go: downloading gopkg.in/tomb.v2 v2.0.0-20161208151619-d5d1b5820637
go: downloading github.com/mattn/go-isatty v0.0.6
go: downloading golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550
go: downloading golang.org/x/sys v0.0.0-20190412213103-97732733099d
# golang.org/x/sys/unix
go/pkg/mod/golang.org/x/sys@v0.0.0-20190412213103-97732733099d/unix/zsyscall_darwin_amd64.go:28:3: //go:linkname must refer to declared function or variable
go/pkg/mod/golang.org/x/sys@v0.0.0-20190412213103-97732733099d/unix/zsyscall_darwin_amd64.go:43:3: //go:linkname must refer to declared function or variable
go/pkg/mod/golang.org/x/sys@v0.0.0-20190412213103-97732733099d/unix/zsyscall_darwin_amd64.go:59:3: //go:linkname must refer to declared function or variable
go/pkg/mod/golang.org/x/sys@v0.0.0-20190412213103-97732733099d/unix/zsyscall_darwin_amd64.go:75:3: //go:linkname must refer to declared function or variable
go/pkg/mod/golang.org/x/sys@v0.0.0-20190412213103-97732733099d/unix/zsyscall_darwin_amd64.go:90:3: //go:linkname must refer to declared function or variable
go/pkg/mod/golang.org/x/sys@v0.0.0-20190412213103-97732733099d/unix/zsyscall_darwin_amd64.go:105:3: //go:linkname must refer to declared function or variable
go/pkg/mod/golang.org/x/sys@v0.0.0-20190412213103-97732733099d/unix/zsyscall_darwin_amd64.go:121:3: //go:linkname must refer to declared function or variable
go/pkg/mod/golang.org/x/sys@v0.0.0-20190412213103-97732733099d/unix/zsyscall_darwin_amd64.go:136:3: //go:linkname must refer to declared function or variable
go/pkg/mod/golang.org/x/sys@v0.0.0-20190412213103-97732733099d/unix/zsyscall_darwin_amd64.go:151:3: //go:linkname must refer to declared function or variable
go/pkg/mod/golang.org/x/sys@v0.0.0-20190412213103-97732733099d/unix/zsyscall_darwin_amd64.go:166:3: //go:linkname must refer to declared function or variable
go/pkg/mod/golang.org/x/sys@v0.0.0-20190412213103-97732733099d/unix/zsyscall_darwin_amd64.go:166:3: too many errors

Answer 7 · 2022-06-07T19:20:09.000Z

@uqix you can try to download a snapshot-binary here: https://github.com/jandelgado/rabtap/suites/6832720947/artifacts/263278437

Answer 8 · 2022-06-08T07:04:31.000Z

Tested and fixed, thanks