From da40f1dafa43b87ca71cd79dc8768e424dd1d5a4 Mon Sep 17 00:00:00 2001 From: Szymon Date: Fri, 4 Mar 2016 14:02:35 +0100 Subject: [PATCH] Add ExternalCredentials support When cert-based auth is enabled in RMQ, it is possible to use CN from client-certificate as a username. However to use that feature you need ExternalCredentials instead of PlainCredneitals additional field in configuration was added rabbitmq_external_creds: 0/1 --- beaver/transports/rabbitmq_transport.py | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/beaver/transports/rabbitmq_transport.py b/beaver/transports/rabbitmq_transport.py index 46d10b84..49f4ff97 100644 --- a/beaver/transports/rabbitmq_transport.py +++ b/beaver/transports/rabbitmq_transport.py @@ -1,6 +1,7 @@ # -*- coding: utf-8 -*- from Queue import Queue import pika +import pika.credentials import ssl from threading import Thread import time @@ -18,7 +19,7 @@ def __init__(self, beaver_config, logger=None): config_to_store = [ 'key', 'exchange', 'username', 'password', 'host', 'port', 'vhost', 'queue', 'queue_durable', 'ha_queue', 'exchange_type', 'exchange_durable', - 'ssl', 'ssl_key', 'ssl_cert', 'ssl_cacert', 'timeout', 'delivery_mode' + 'ssl', 'ssl_key', 'ssl_cert', 'ssl_cacert', 'timeout', 'delivery_mode', 'external_creds' ] for key in config_to_store: @@ -126,10 +127,13 @@ def _connection_start(self): self._logger.error('RabbitMQ: Failed to connect: %s', e) def _connect(self): - credentials = pika.PlainCredentials( - self._rabbitmq_config['username'], - self._rabbitmq_config['password'] - ) + if self._rabbitmq_config['external_creds']: + credentials = pika.credentials.ExternalCredentials() + else: + credentials = pika.PlainCredentials( + self._rabbitmq_config['username'], + self._rabbitmq_config['password'] + ) ssl_options = { 'keyfile': self._rabbitmq_config['ssl_key'], 'certfile': self._rabbitmq_config['ssl_cert'],