英文:
Using SASL EXTERNAL in Go using qpid-proton client library to connect to AMQP 1.0 RabbitMQ
问题
我正在尝试使用自签名证书通过SASL EXTERNAL机制与RabbitMQ建立TLS连接,使用的是https://github.com/apache/qpid-proton提供的golang实现。目标是能够在URI中不指定用户名和密码的情况下连接到RabbitMQ。
RabbitMQ正在以下配置下运行:
auth_mechanisms.1 = EXTERNAL
auth_mechanisms.2 = PLAIN
auth_mechanisms.3 = AMQPLAIN
并且安装了以下插件:
- rabbitmq_amqp1_0
- rabbitmq_auth_mechanism_ssl
我已确认使用Node.js库(https://github.com/amqp/rhea)可以使用SASL EXTERNAL进行连接,并且已确认使用qpid-proton库中的Go可以使用PLAIN和ANONYMOUS进行连接,但无法使用Go进行SASL EXTERNAL连接。
我的客户端代码没有返回任何错误,但是RabbitMQ错误日志告诉我客户端关闭了TCP连接:
2021-06-24 18:57:22.029 [info] <0.16358.106> accepting AMQP connection <0.16358.106> (127.0.0.1:50610 -> 127.0.0.1:5671)
2021-06-24 18:57:23.030 [warning] <0.16358.106> closing AMQP connection <0.16358.106> (127.0.0.1:50610 -> 127.0.0.1:5671):
client unexpectedly closed TCP connection
我的客户端代码如下:
package main
import (
"fmt"
"github.com/apache/qpid-proton/go/pkg/amqp"
"github.com/apache/qpid-proton/go/pkg/electron"
"os"
"crypto/tls"
"io/ioutil"
"crypto/x509"
"time"
)
func main() {
keyPair, err := tls.LoadX509KeyPair("client.crt", "client.key")
if err != nil {
fmt.Println("Failed to load certificate:", err)
os.Exit(1)
}
rootCa, err := ioutil.ReadFile("rootCA.crt")
if err != nil {
fmt.Println("Failed to read root CA:", err)
os.Exit(1)
}
certPool := x509.NewCertPool()
certPool.AppendCertsFromPEM(rootCa)
tlsConfig := &tls.Config{
RootCAs: certPool,
InsecureSkipVerify: true,
Certificates: []tls.Certificate{keyPair},
}
container := electron.NewContainer("myContainer")
tlsConn, err := tls.Dial("tcp", "rabbitmq.default.svc.cluster.local:5671", tlsConfig)
if err != nil {
fmt.Println("Failed to open TLS connection:", err)
os.Exit(1)
}
defer tlsConn.Close()
conn, err := container.Connection(
tlsConn,
electron.SASLEnable(),
electron.SASLAllowedMechs("EXTERNAL"),
)
defer conn.Close(err)
if err != nil {
fmt.Println("Failed to open AMQP connection", err)
os.Exit(1)
}
sess, err := conn.Session()
sender, err := sess.Sender(electron.Target("demo-queue"))
if err != nil {
fmt.Println("Creating sender failed:", err)
os.Exit(1)
}
for i := int64(0); i < 100000 ; i++ {
msg := amqp.NewMessage()
body := fmt.Sprintf("Test message %d", i)
msg.Marshal(body)
sender.SendSync(msg)
time.Sleep(1*time.Second)
}
}
以上是您提供的代码的翻译。
英文:
I am trying to make a TLS connection to RabbitMQ with authentication provided by self-signed certificates through the SASL EXTERNAL mechanism using the golang implementation provided by https://github.com/apache/qpid-proton. The goal is to be able to connect to RabbitMQ without specifying the username and password in the URI.
RabbitMQ is running with the following configuration:
auth_mechanisms.1 = EXTERNAL
auth_mechanisms.2 = PLAIN
auth_mechanisms.3 = AMQPLAIN
and plugins:
- rabbitmq_amqp1_0
- rabbitmq_auth_mechanism_ssl
I have confirmed that I am able to connect with SASL EXTERNAL using a Node.js library (https://github.com/amqp/rhea) and I have confirmed that connecting with PLAIN and ANONYMOUS works with Go in the qpid-proton library but have been unable to connect with SASL EXTERNAL with Go.
My client code does not return any errors, but the RabbitMQ error logs tell me that the client closed the TCP connection
2021-06-24 18:57:22.029 [info] <0.16358.106> accepting AMQP connection <0.16358.106> (127.0.0.1:50610 -> 127.0.0.1:5671)
2021-06-24 18:57:23.030 [warning] <0.16358.106> closing AMQP connection <0.16358.106> (127.0.0.1:50610 -> 127.0.0.1:5671):
client unexpectedly closed TCP connection
My client code is as follows:
package main
import (
"fmt"
"github.com/apache/qpid-proton/go/pkg/amqp"
"github.com/apache/qpid-proton/go/pkg/electron"
"os"
"crypto/tls"
"io/ioutil"
"crypto/x509"
"time"
)
func main() {
keyPair, err := tls.LoadX509KeyPair("client.crt", "client.key")
if err != nil {
fmt.Println("Failed to load certificate:", err)
os.Exit(1)
}
rootCa, err := ioutil.ReadFile("rootCA.crt")
if err != nil {
fmt.Println("Failed to read root CA:", err)
os.Exit(1)
}
certPool := x509.NewCertPool()
certPool.AppendCertsFromPEM(rootCa)
tlsConfig := &tls.Config{
RootCAs: certPool,
InsecureSkipVerify: true,
Certificates: []tls.Certificate{keyPair},
}
container := electron.NewContainer("myContainer")
tlsConn, err := tls.Dial("tcp", "rabbitmq.default.svc.cluster.local:5671", tlsConfig)
if err != nil {
fmt.Println("Failed to open TLS connection:", err)
os.Exit(1)
}
defer tlsConn.Close()
conn, err := container.Connection(
tlsConn,
electron.SASLEnable(),
electron.SASLAllowedMechs("EXTERNAL"),
)
defer conn.Close(err)
if err != nil {
fmt.Println("Failed to open AMQP connection", err)
os.Exit(1)
}
sess, err := conn.Session()
sender, err := sess.Sender(electron.Target("demo-queue"))
if err != nil {
fmt.Println("Creating sender failed:", err)
os.Exit(1)
}
for i := int64(0); i < 100000 ; i++ {
msg := amqp.NewMessage()
body := fmt.Sprintf("Test message %d", i)
msg.Marshal(body)
sender.SendSync(msg)
time.Sleep(1*time.Second)
}
}
答案1
得分: 0
这不是使用qpid-proton客户端库的解决方案,但我最终使用https://github.com/Azure/go-amqp来通过SASL EXTERNAL连接到RabbitMQ。这个库最近添加了这个功能。
英文:
This isn't a solution for using the qpid-proton client library but I ended up using https://github.com/Azure/go-amqp to connect to RabbitMQ through SASL EXTERNAL. This library recently had the functionality added.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论