New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
HTTP API: allow connections to be listed and closed by username #5319
HTTP API: allow connections to be listed and closed by username #5319
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I fixed the whitespace and one compilation warning. This API is different (and better!) than what was previously described.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Instead of only supporting DELETE
, we should support GET
as well to list connections by username.
I'm not 100% convinced that /connections/username
is the best REST resource for this. @michaelklishin thoughts? How about this
/connections?username=FOO
I think the version with the query parameter makes the most sense. I'll see if we do something similar elsewhere in the API.
Good discussion here: https://stackoverflow.com/questions/34244627/getting-a-resource-using-another-resources-id-naming-in-rest-api
@NuwanSameera please note the API docs will have to be updated as well - https://github.com/rabbitmq/rabbitmq-server/blob/master/deps/rabbitmq_management/priv/www/api/index.html
@lukebakken I updated API docs for DELETE API. Also I enabled and check for GET request for same code. But it gave 500 error. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi @NuwanSameera -
Also I enabled and check for GET request for same code. But it gave 500 error.
I don't see changes in your pull request for enabling GET
. Did you push them to your fork at https://github.com/NuwanSameera/rabbitmq-server.git ?
6116a46
to
aa9bbb6
Compare
@lukebakken Enabled GET method to get all connections by username. |
An overly generic endpoint that allows filtering by every potential argument will quickly |
@NuwanSameera thank you for considering to contribute. This looks like a promising start. Note that we are about to switch from Mnesia tables to a node-local ETS one for connection tracking in #5301. This is significantly That means that this PR will have to change to adapt and for 3.10, we'd have to submit |
Have any additional work need to do from myside. |
Thanks a lot for taking the time to work on a feature you need! CLI support already exists: #2771. There's some code that could be shared:
|
@mkuratczyk I updated code with suggested methods. List all connections method is working properly. Following method every time return empty list. So condition false every time. Any mistake in my code ? |
I've just tested the current state of the PR and it seems to work for me:
|
@mkuratczyk It is working for AMQP connections. But not work for MQTT connections. |
MQTT connections likely use a separate set of functions that lists them. Querying tables I'd wait for #5301 to be finished, then use whatever newer version of the connection tracking API we would end up with, then backport |
I updated PR with changing delete method. It is tested with MQTT connections. Also removed duplicate list connection method. Is it able to get official docker image with these APIs ? |
The official image ( |
AFAIK all PRs related to connection tracking are in. @NuwanSameera can you please rebase and we will QA? Thank you. |
@michaelklishin |
@NuwanSameera simply pull |
957378d
to
e067c05
Compare
@michaelklishin pushed changes to my fork branch. But it is not compile. Following error getting when executing
|
There were quite a few changes in master in the last week or so. You have to run
from repo root. |
@michaelklishin It also gave an error.
Is latest PR work for you? |
does successfully build for me. So does running a node from source using
I use Bazel exclusively these days but it's clearly an issue you'd run into with Make when you switch branches or rebase as master moves quickly. You can try
to clean all the core bits that have changed recently and recompile them. |
@michaelklishin work after following your suggested steps. I tested list and close connections with latest code. It is working fine. Thank you. |
@NuwanSameera we decided to keep your original API -
|
Format code Fix whitespace, fix warning Update API docs Remove blank lines Add get all connections by username Fix method name issue Enable GET method to get connections by username Update API documentation Modify list all connections of username method Remove list_by_username method and modify get all connections of user API Code formatting, break up lines for readability Refactor code to use pattern matching more effectively Typo
8b12642
to
6eb2630
Compare
I will take a look first thing tomorrow morning |
HTTP API: allow connections to be listed and closed by username (backport #5319)
Have any estimated date to release this feature ? |
It will ship in 3.11.0. We do not make any ETA promises. |
In the release note of
|
3.11 release notes: reword as suggested in #5319
(cherry picked from commit 3dcaaf3)
and rabbitmq/rabbitmq-server#5319. Currently skipped, as they will fail on all GA releases available right now. They do pass against RabbitMQ main and 3.12, 3.11 release branches with a backport.
This shipped with a bug where for un(der)privileged users these new endpoints failed with a 500, addressed in #8483. It now also has some test coverage in michaelklishin/rabbit-hole#271. |
This feature was added to RabbitMQ management plugin. New HTTP API added to delete connection by username.
Following is the API
/api/connections/username/admin-test
Current implementation provides delete connection by connection name. Connection name doesn't have known parameters. User name is a known parameter. This feature is important to delete connection programmatically in SSL certificate login enable server. In this case user name contains client CN key of the certificate.
If RabbitMQ uses custom authentication backend, this feature is very useful. We can implement logic to find valid CN key and we can remove connection if that logic says username is invalid. With this implementation we can block reconnection.
See: