
Commit 62edf4f

Merge pull request #15774 from rabbitmq/mergify/bp/v4.2.x/pr-15773
Improve TLS-related `rabbitmq.conf` settings of `amqp_client` (backport #15772) (backport #15773)
2 parents 7881327 + 30abb31 commit 62edf4f

2 files changed

Lines changed: 568 additions & 1 deletion


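--- a/deps/rabbit/priv/schema/rabbit.schema
+++ b/deps/rabbit/priv/schema/rabbit.schema
@@ -2927,6 +2927,218 @@ fun(Conf) ->
 end
 end}.
 
+%% ----------------------------------------------------------------------------
+%% AMQP client 1.0 TLS options
+%% ----------------------------------------------------------------------------
+
+{mapping, "amqp10_client.ssl_options", "amqp10_client.ssl_options", [
+{datatype, {enum, [none]}}
+]}.
+
+{translation, "amqp10_client.ssl_options",
+fun(Conf) ->
+case cuttlefish:conf_get("amqp10_client.ssl_options", Conf, undefined) of
+none -> [];
+_ -> cuttlefish:invalid("Invalid amqp10_client.ssl_options")
+end
+end}.
+
+{mapping, "amqp10_client.ssl_options.verify", "amqp10_client.ssl_options.verify", [
+{datatype, {enum, [verify_peer, verify_none]}}]}.
+
+{mapping, "amqp10_client.ssl_options.cacertfile", "amqp10_client.ssl_options.cacertfile",
+[{datatype, string}, {validators, ["file_accessible"]}]}.
+
+{mapping, "amqp10_client.ssl_options.certfile", "amqp10_client.ssl_options.certfile",
+[{datatype, string}, {validators, ["file_accessible"]}]}.
+
+{mapping, "amqp10_client.ssl_options.cacerts.$name", "amqp10_client.ssl_options.cacerts",
+[{datatype, string}]}.
+
+{translation, "amqp10_client.ssl_options.cacerts",
+fun(Conf) ->
+Settings = cuttlefish_variable:filter_by_prefix("amqp10_client.ssl_options.cacerts", Conf),
+[ list_to_binary(V) || {_, V} <- Settings ]
+end}.
+
+{mapping, "amqp10_client.ssl_options.cert", "amqp10_client.ssl_options.cert",
+[{datatype, string}]}.
+
+{translation, "amqp10_client.ssl_options.cert",
+fun(Conf) ->
+list_to_binary(cuttlefish:conf_get("amqp10_client.ssl_options.cert", Conf))
+end}.
+
+{mapping, "amqp10_client.ssl_options.crl_check", "amqp10_client.ssl_options.crl_check",
+[{datatype, [{enum, [true, false, peer, best_effort]}]}]}.
+
+{mapping, "amqp10_client.ssl_options.depth", "amqp10_client.ssl_options.depth",
+[{datatype, integer}, {validators, ["byte"]}]}.
+
+{mapping, "amqp10_client.ssl_options.key.RSAPrivateKey", "amqp10_client.ssl_options.key",
+[{datatype, string}]}.
+
+{mapping, "amqp10_client.ssl_options.key.DSAPrivateKey", "amqp10_client.ssl_options.key",
+[{datatype, string}]}.
+
+{mapping, "amqp10_client.ssl_options.key.PrivateKeyInfo", "amqp10_client.ssl_options.key",
+[{datatype, string}]}.
+
+{translation, "amqp10_client.ssl_options.key",
+fun(Conf) ->
+case cuttlefish_variable:filter_by_prefix("amqp10_client.ssl_options.key", Conf) of
+[{[_,_,Key], Val}|_] -> {list_to_atom(Key), list_to_binary(Val)};
+_ -> cuttlefish:unset()
+end
+end}.
+
+{mapping, "amqp10_client.ssl_options.keyfile", "amqp10_client.ssl_options.keyfile",
+[{datatype, string}, {validators, ["file_accessible"]}]}.
+
+{mapping, "amqp10_client.ssl_options.log_alert", "amqp10_client.ssl_options.log_alert",
+[{datatype, {enum, [true, false]}}]}.
+
+{mapping, "amqp10_client.ssl_options.password", "amqp10_client.ssl_options.password",
+[{datatype, string}]}.
+
+{mapping, "amqp10_client.ssl_options.psk_identity", "amqp10_client.ssl_options.psk_identity",
+[{datatype, string}]}.
+
+{mapping, "amqp10_client.ssl_options.reuse_sessions", "amqp10_client.ssl_options.reuse_sessions",
+[{datatype, {enum, [true, false]}}]}.
+
+{mapping, "amqp10_client.ssl_options.secure_renegotiate", "amqp10_client.ssl_options.secure_renegotiate",
+[{datatype, {enum, [true, false]}}]}.
+
+{mapping, "amqp10_client.ssl_options.versions.$version", "amqp10_client.ssl_options.versions",
+[{datatype, atom}]}.
+
+{translation, "amqp10_client.ssl_options.versions",
+fun(Conf) ->
+Settings = cuttlefish_variable:filter_by_prefix("amqp10_client.ssl_options.versions", Conf),
+[ V || {_, V} <- Settings ]
+end}.
+
+{mapping, "amqp10_client.ssl_options.sni", "amqp10_client.ssl_options.server_name_indication",
+[{datatype, [{enum, [none]}, string]}]}.
+
+{translation, "amqp10_client.ssl_options.server_name_indication",
+fun(Conf) ->
+case cuttlefish:conf_get("amqp10_client.ssl_options.sni", Conf, undefined) of
+undefined -> cuttlefish:unset();
+none -> disable;
+Hostname -> Hostname
+end
+end}.
+
+% ===============================
+% AMQP 0.9.1
+% ===============================
+
+%% ----------------------------------------------------------------------------
+%% AMQP client 0.9.1 TLS options
+%% ----------------------------------------------------------------------------
+
+{mapping, "amqp_client.ssl_options", "amqp_client.ssl_options", [
+{datatype, {enum, [none]}}
+]}.
+
+{translation, "amqp_client.ssl_options",
+fun(Conf) ->
+case cuttlefish:conf_get("amqp_client.ssl_options", Conf, undefined) of
+none -> [];
+_ -> cuttlefish:invalid("Invalid amqp_client.ssl_options")
+end
+end}.
+
+{mapping, "amqp_client.ssl_options.verify", "amqp_client.ssl_options.verify", [
+{datatype, {enum, [verify_peer, verify_none]}}]}.
+
+{mapping, "amqp_client.ssl_options.cacertfile", "amqp_client.ssl_options.cacertfile",
+[{datatype, string}, {validators, ["file_accessible"]}]}.
+
+{mapping, "amqp_client.ssl_options.certfile", "amqp_client.ssl_options.certfile",
+[{datatype, string}, {validators, ["file_accessible"]}]}.
+
+{mapping, "amqp_client.ssl_options.cacerts.$name", "amqp_client.ssl_options.cacerts",
+[{datatype, string}]}.
+
+{translation, "amqp_client.ssl_options.cacerts",
+fun(Conf) ->
+Settings = cuttlefish_variable:filter_by_prefix("amqp_client.ssl_options.cacerts", Conf),
+[ list_to_binary(V) || {_, V} <- Settings ]
+end}.
+
+{mapping, "amqp_client.ssl_options.cert", "amqp_client.ssl_options.cert",
+[{datatype, string}]}.
+
+{translation, "amqp_client.ssl_options.cert",
+fun(Conf) ->
+list_to_binary(cuttlefish:conf_get("amqp_client.ssl_options.cert", Conf))
+end}.
+
+{mapping, "amqp_client.ssl_options.crl_check", "amqp_client.ssl_options.crl_check",
+[{datatype, [{enum, [true, false, peer, best_effort]}]}]}.
+
+{mapping, "amqp_client.ssl_options.depth", "amqp_client.ssl_options.depth",
+[{datatype, integer}, {validators, ["byte"]}]}.
+
+{mapping, "amqp_client.ssl_options.key.RSAPrivateKey", "amqp_client.ssl_options.key",
+[{datatype, string}]}.
+
+{mapping, "amqp_client.ssl_options.key.DSAPrivateKey", "amqp_client.ssl_options.key",
+[{datatype, string}]}.
+
+{mapping, "amqp_client.ssl_options.key.PrivateKeyInfo", "amqp_client.ssl_options.key",
+[{datatype, string}]}.
+
+{translation, "amqp_client.ssl_options.key",
+fun(Conf) ->
+case cuttlefish_variable:filter_by_prefix("amqp_client.ssl_options.key", Conf) of
+[{[_,_,Key], Val}|_] -> {list_to_atom(Key), list_to_binary(Val)};
+_ -> cuttlefish:unset()
+end
+end}.
+
+{mapping, "amqp_client.ssl_options.keyfile", "amqp_client.ssl_options.keyfile",
+[{datatype, string}, {validators, ["file_accessible"]}]}.
+
+{mapping, "amqp_client.ssl_options.log_alert", "amqp_client.ssl_options.log_alert",
+[{datatype, {enum, [true, false]}}]}.
+
+{mapping, "amqp_client.ssl_options.password", "amqp_client.ssl_options.password",
+[{datatype, string}]}.
+
+{mapping, "amqp_client.ssl_options.psk_identity", "amqp_client.ssl_options.psk_identity",
+[{datatype, string}]}.
+
+{mapping, "amqp_client.ssl_options.reuse_sessions", "amqp_client.ssl_options.reuse_sessions",
+[{datatype, {enum, [true, false]}}]}.
+
+{mapping, "amqp_client.ssl_options.secure_renegotiate", "amqp_client.ssl_options.secure_renegotiate",
+[{datatype, {enum, [true, false]}}]}.
+
+{mapping, "amqp_client.ssl_options.versions.$version", "amqp_client.ssl_options.versions",
+[{datatype, atom}]}.
+
+{translation, "amqp_client.ssl_options.versions",
+fun(Conf) ->
+Settings = cuttlefish_variable:filter_by_prefix("amqp_client.ssl_options.versions", Conf),
+[ V || {_, V} <- Settings ]
+end}.
+
+{mapping, "amqp_client.ssl_options.sni", "amqp_client.ssl_options.server_name_indication",
+[{datatype, [{enum, [none]}, string]}]}.
+
+{translation, "amqp_client.ssl_options.server_name_indication",
+fun(Conf) ->
+case cuttlefish:conf_get("amqp_client.ssl_options.sni", Conf, undefined) of
+undefined -> cuttlefish:unset();
+none -> disable;
+Hostname -> Hostname
+end
+end}.
+
 % ===============================
 % Validators
 % ===============================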
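Review bot: The `none -> disable` branch of the `amqp10_client.ssl_options.server_name_indication` translation needs a comment. In Erlang/OTP's `ssl`, `{server_name_indication, disable}` does more than omit the SNI extension: it also switches off the hostname check. A config with `verify = verify_peer` and `sni = none` therefore validates the certificate chain but not the peer's name. I would add above the mapping `%% 'none' becomes 'disable', which also turns off hostname verification, even with verify_peer.` The same applies to the identical `amqp_client.ssl_options.server_name_indication` translation further down in this hunk.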
