
hivemq-file-rbac-extension's Issues

jdk version

What version of JDK is used in your project?

Dependency Dashboard

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Pending Approval

These branches will be created by Renovate only once you click their checkbox below.

  • Update all major dependencies to v4 (major) (com.sun.xml.bind:jaxb-impl, jakarta.xml.bind:jakarta.xml.bind-api)

Open

These updates have all been created already. Click a checkbox below to force a retry/rebase of any.

Detected dependencies

github-actions
.github/workflows/check.yml
  • actions/checkout v4@0ad4b8fadaa221de15dcec353f45205ec38ea70b
  • actions/setup-java v4@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9
  • gradle/actions v3@db19848a5fa7950289d3668fb053140cf3028d43
.github/workflows/releaseExtension.yml
  • actions/checkout v4@0ad4b8fadaa221de15dcec353f45205ec38ea70b
  • actions/setup-java v4@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9
  • gradle/actions v3@db19848a5fa7950289d3668fb053140cf3028d43
  • actions/upload-release-asset v1@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5
gradle
gradle.properties
settings.gradle.kts
build.gradle.kts
gradle/libs.versions.toml
  • org.bouncycastle:bcprov-jdk18on 1.78.1
  • com.github.ben-manes.caffeine:caffeine 3.1.8
  • org.apache.commons:commons-lang3 3.14.0
  • org.apache.commons:commons-text 1.12.0
  • jakarta.xml.bind:jakarta.xml.bind-api 2.3.3
  • com.sun.xml.bind:jaxb-impl 2.3.9
  • com.beust:jcommander 1.82
  • org.jetbrains:annotations 24.1.0
  • org.mockito:mockito-core 5.11.0
  • com.hivemq.extension 3.1.0
  • io.github.sgtsilvio.gradle.defaults 0.2.0
  • com.github.hierynomus.license 0.16.1

  • Check this box to trigger a request for Renovate to run again on this repository

RBAC and client certificate auth

Hello,

It seems it is not possible to configure HiveMQ to use both RBAC and client certificate auth. If both are enabled, then after the client certificate is validated HiveMQ asks the client for a username/password. That seems to be redundant.

Is there a configuration with which I can disable the RBAC file extension for a specific listener?

Thanks,
Goran

custom file path for credentials.xml and extension-config.xml

Use Case: updating credentials.xml with docker
It would be helpful to have the ability to set a custom file path (e.g. environment variable, having them in a sub folder would work as well) for the credentials.xml and extensions-config.xml for better docker compatibility.

Current Behavior: at the moment the two .xml files reside in the same folder as the .jar file itself, therefore using docker with an entire folder mapped to /opt/hivemq/extensions/hivemq-file-rbac-extension would overwrite the contents of the folder including the hivemq-file-rbac-extensionXXX.jar causing the extension not to be loaded.
Mapping the two files explicitly from the host inside the container /path/on/host/credentials.xml:/opt/hivemq/extensions/hivemq-file-rbac-extension/credentials.xml and /path/on/host/extension-config.xml:/opt/hivemq/extensions/hivemq-file-rbac-extension/extension-config.xml works fine until the credentials.xml is modified (e.g. adding or changing a role) due to this issue: moby/moby#15793 (comment)
The result is a changed file on the host and the file inside the container still being the previous version. Restarting the container will cause the new file to be loaded, however restarting hivemq for adding and removing credentials is highly inconvenient.

Desired Behavior: The ability to change the path where the config files are located to enable the possibility to use folder mounts. With folder mounts the config files changed on the host also change inside the container.
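The stale-file behaviour described in this issue can be reproduced without Docker; the script below is an added example, not part of the original issue or of the extension. It assumes the usual explanation from the linked moby issue: a single-file bind mount stays attached to the inode that existed when the container started, so a save that replaces the file by rename is never seen inside the container, while an in-place write is. The file contents and function names are constructed for the demo.

```shell
#!/bin/sh
# Constructed demo: compare two ways of updating credentials.xml on the host
# and report whether the file's inode survives the update.

# Print the inode number of a file using only POSIX tools.
inode_of() {
    ls -di "$1" | { read -r ino rest; echo "$ino"; }
}

# "Safe save" used by many editors and config tools:
# write a temp file, then rename it over the target (new inode).
replace_by_rename() {   # $1 = file, $2 = new content
    tmp="$1.tmp.$$"
    printf '%s\n' "$2" > "$tmp" && mv "$tmp" "$1"
}

# Truncate and rewrite the existing file (same inode).
update_in_place() {     # $1 = file, $2 = new content
    printf '%s\n' "$2" > "$1"
}

# Run one updater against a scratch credentials.xml.
# Prints "changed" if the inode differs afterwards, "same" otherwise.
inode_effect() {        # $1 = name of the updater function
    dir=$(mktemp -d) || return 1
    f="$dir/credentials.xml"
    printf '%s\n' '<file-rbac><!-- v1 --></file-rbac>' > "$f"
    before=$(inode_of "$f")
    "$1" "$f" '<file-rbac><!-- v2: role removed --></file-rbac>'
    after=$(inode_of "$f")
    rm -rf "$dir"
    if [ "$before" = "$after" ]; then echo same; else echo changed; fi
}

# "changed" means a file bind mount would keep serving the old credentials.
echo "replace by rename: $(inode_effect replace_by_rename)"
echo "update in place:   $(inode_effect update_in_place)"
```

When the inode changes, a role or user removed on the host stays active in the broker until the container restarts, which is why the folder mount requested here matters for credential revocation.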

PUBLISH Only Permission Not Working

Hello,
I am using this extension to limit topics and their sender and receiver.

I am using a configuration like this:

<?xml version="1.0" ?>
<file-rbac>
    <users>
        <user>
            <name>test</name>
            <password>PASWORD-HASH</password>
            <roles>
                <id>role1</id>
            </roles>
        </user>
    </users>
    <roles>
        <role>
            <id>role1</id>
            <permissions>
                <permission>
                    <topic>test</topic>
                    <activity>PUBLISH</activity>
                </permission>
            </permissions>
        </role>
    </roles>
</file-rbac>

I can only publish messages to the test topic using the test user, but when I subscribe, I also receive messages. When the activity is set to SUBSCRIBE, I cannot publish messages, as it should be, but when it's set to PUBLISH I can also subscribe.

password hash cannot be read from environment

Hi,

I try to pass a user's password hash in from an environment variable. Unfortunately this doesn't work - authentication fails. If I place the same hash inside the xml directly it works.

Is that supposed to work?

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<file-rbac>
    <users>
        <user>
            <name>client</name>
            <password>${ENV:PASSWORD_HASH}</password>
            <roles>
                <id>role</id>
            </roles>
        </user>
    </users>
...

Read the RBAC configuration from ConfigMap

Hi all,

I am trying to configure the HiveMQ Broker with an RBAC configuration by using a ConfigMap. I am deploying it with the Kubernetes Operator to a K8s cluster. However, the ConfigMap I created is set under the conf folder of hivemq-file-rbac-extension and it still continues to read the default values (user1/pass1).
I would like to be enlightened about the point I am missing.

I am adding the CM and the values file values.

apiVersion: v1
kind: ConfigMap
metadata:
  name: hivemq-file-rbac-extension
  namespace: {{ .Release.Namespace }}
data:
  config.xml: |-
    <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
    <file-rbac>
        <users>
            <user>
                <name>test</name>
                <password>12345</password>
                <roles>
                    <id>role1</id>
                </roles>
            </user>
        </users>
        <roles>
            <role>
                <id>role1</id>
                <permissions>
                    <permission>
                        <topic>#</topic>
                    </permission>
                    <permission>
                        <topic>#</topic>
                        <activity>PUBLISH</activity>
                        <retain>RETAINED</retain>
                    </permission>
                    <permission>
                        <topic>#</topic>
                        <activity>SUBSCRIBE</activity>
                    </permission>
                </permissions>
            </role>
            <role>
                <id>superuser</id>
                <permissions>
                    <permission>
                        <topic>#</topic>
                    </permission>
                </permissions>
            </role>
        </roles>
    </file-rbac>

  extension-config.xml: |-
    <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
    <extension-configuration>
    
        <!-- Reload interval for credentials in seconds -->
        <credentials-reload-interval>60</credentials-reload-interval>
    
        <!-- If the credentials file is using HASHED or PLAIN passwords -->
        <password-type>PLAIN</password-type>
    
    </extension-configuration>

  - name: hivemq-file-rbac-extension
    enabled: true
    # Defines if your custom extension supports hot-reload of its configuration, or if it needs to be restarted on configuration changes.
    supportsHotReload: true
    # The ConfigMap name that contains the extension configuration (will be mounted into the subfolder "conf" of the extension folder).
    configMapName: "hivemq-file-rbac-extension"
    # The Secret name that contains request headers for the custom extension download.
    requestHeaderSecretName: ""
    # The URI to download the custom extension (as .zip distribution).
    extensionUri: "https://www.hivemq.com/releases/extensions/hivemq-file-rbac-extension-4.5.3.zip"

I would also like to let you know about the error I get when I set credentials.xml instead of config.xml.

When I check the hivemq-platform object, it wants to see config.xml for the hivemq-file-rbac-extension CM I created.

image

And this shows what the extension folder looks like:

image

HiveMQ Version : 4.25.1
Operator: 1.1.0

Since I am not familiar with XML configuration, I would like to know what I am doing wrong.
If you need me to provide more details, please let me know.

Thank you in advance
