onebeyond/rascal

FEATURE: Add support for updatable authentication secrets

cressie176 opened this issue · 3 comments

Some authentication protocols expire authentication tokens unless they are refreshed. RabbitMQ supports this via the update-secret operation. amqplib was recently updated to support this, so it would be nice to add something similar to Rascal, along the following lines:

broker.updateSecret(vhost, secret, reason, cb)

Behind the scenes, the broker would have to find the correct vhost and call vhost.updateSecret(secret, reason, cb). In turn, the vhost would have to call connection.updateSecret(secret, reason, cb).

We need to make the secret semi-permanent, so that if a connection is dropped, Rascal will use the latest secret to reconnect.

Finally, we need to consider what to do if the connection had already been dropped. Ideally we would abort (or immediately repeat) any in-progress reconnection, using the new token.

Here's how...

  • Change tasks/createConnection to prefer a secret from the vhost configuration to the connection password.
  • Add broker.updateSecret(vhost, secret, reason, cb). This looks up the vhost and calls vhost.updateSecret as below.
  • Add vhost.updateSecret(secret, reason, cb).
    1. Update the vhost config with the new secret.
    2. If there is a connection, call connection.updateSecret(secret, reason, cb).
    3. If there is not a connection, register a listener for the "connect" event, and call connection.updateSecret(secret, reason, cb) once connected.
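
The three vhost steps above, as an added sketch that is not part of the original issue and is not Rascal or amqplib code. StubConnection, SketchVhost, demo and the token values are hypothetical, EventTarget stands in for the vhost's event emitter, and sending only the latest secret when several updates arrive while disconnected is an assumption beyond the issue text.

```javascript
// Added sketch: StubConnection and SketchVhost are hypothetical, not Rascal or amqplib code.
class StubConnection {
  constructor(credential) {
    this.credential = credential; // credential the connection was opened with
    this.updates = [];            // secrets later sent via updateSecret
  }
  updateSecret(secret, reason, cb) {
    this.updates.push({ secret, reason });
    cb(null);
  }
}
class SketchVhost extends EventTarget {
  constructor(config) {
    super();
    this.config = config;   // { password, secret? }
    this.connection = null;
    this.pending = null;    // callbacks waiting for the next "connect"
  }
  // Stands in for tasks/createConnection: prefer the vhost secret to the password.
  connect() {
    const { secret, password } = this.config;
    this.connection = new StubConnection(secret !== undefined ? secret : password);
    this.dispatchEvent(new Event('connect'));
  }
  disconnect() { this.connection = null; }
  updateSecret(secret, reason, cb) {
    Object.assign(this.config, { secret, reason }); // 1. keep it for future reconnects
    if (this.connection) return this.connection.updateSecret(secret, reason, cb); // 2.
    if (this.pending) return void this.pending.push(cb); // already waiting: coalesce
    this.pending = [cb];    // 3. wait for "connect", then send the latest secret once
    this.addEventListener('connect', () => {
      const waiting = this.pending;
      this.pending = null;
      const done = (err) => waiting.forEach((fn) => fn(err));
      this.connection.updateSecret(this.config.secret, this.config.reason, done);
    }, { once: true });
  }
}
// Constructed scenario: one refresh while connected, two while the connection is down.
function demo() {
  const vhost = new SketchVhost({ password: 'initial-password' });
  vhost.connect();
  const first = vhost.connection;
  vhost.updateSecret('token-1', 'refresh', () => {});
  vhost.disconnect();
  let calls = 0;
  vhost.updateSecret('token-2', 'refresh', () => calls++);
  vhost.updateSecret('token-3', 'refresh', () => calls++);
  vhost.connect();
  return { first, second: vhost.connection, calls };
}
```

In the scenario, the reconnect opens with the newest token rather than the original password, and the superseded token is never sent on the new connection.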