hivemq / hivemq-file-rbac-extension
HiveMQ extension for managing role-based authorization
Home Page: https://www.hivemq.com/extension/file-rbac-extension/
License: Apache License 2.0
What version of JDK is used in your project?
This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
These branches will be created by Renovate only once you click their checkbox below.
(com.sun.xml.bind:jaxb-impl, jakarta.xml.bind:jakarta.xml.bind-api)
These updates have all been created already. Click a checkbox below to force a retry/rebase of any.
.github/workflows/check.yml
actions/checkout v4@0ad4b8fadaa221de15dcec353f45205ec38ea70b
actions/setup-java v4@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9
gradle/actions v3@db19848a5fa7950289d3668fb053140cf3028d43
.github/workflows/releaseExtension.yml
actions/checkout v4@0ad4b8fadaa221de15dcec353f45205ec38ea70b
actions/setup-java v4@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9
gradle/actions v3@db19848a5fa7950289d3668fb053140cf3028d43
actions/upload-release-asset v1@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5
gradle.properties
settings.gradle.kts
build.gradle.kts
gradle/libs.versions.toml
org.bouncycastle:bcprov-jdk18on 1.78.1
com.github.ben-manes.caffeine:caffeine 3.1.8
org.apache.commons:commons-lang3 3.14.0
org.apache.commons:commons-text 1.12.0
jakarta.xml.bind:jakarta.xml.bind-api 2.3.3
com.sun.xml.bind:jaxb-impl 2.3.9
com.beust:jcommander 1.82
org.jetbrains:annotations 24.1.0
org.mockito:mockito-core 5.11.0
com.hivemq.extension 3.1.0
io.github.sgtsilvio.gradle.defaults 0.2.0
com.github.hierynomus.license 0.16.1
Hello,
It seems it is not possible to configure HiveMQ to use both RBAC and client certificate auth. If both are enabled, then after the client certificate is validated HiveMQ asks for a username/password from the client. That seems to be redundant.
Is there a configuration with which I can disable the RBAC file extension for a specific listener?
Thnx,
Goran
Use Case: updating credentials.xml with docker
It would be helpful to have the ability to set a custom file path (e.g. environment variable, having them in a sub folder would work as well) for the credentials.xml and extensions-config.xml for better docker compatibility.
Current Behavior: at the moment the two .xml files reside in the same folder as the .jar file itself, therefore using docker with an entire folder mapped to /opt/hivemq/extensions/hivemq-file-rbac-extension would overwrite the contents of the folder including the hivemq-file-rbac-extensionXXX.jar causing the extension not to be loaded.
Mapping the two files explicitly from the host inside the container /path/on/host/credentials.xml:/opt/hivemq/extensions/hivemq-file-rbac-extension/credentials.xml and /path/on/host/extension-config.xml:/opt/hivemq/extensions/hivemq-file-rbac-extension/extension-config.xml works fine until the credentials.xml is modified (e.g. adding or changing a role) due to this issue: moby/moby#15793 (comment)
The result is a changed file on the host and the file inside the container still being the previous version. Restarting the container will cause the new file to be loaded, however restarting hivemq for adding and removing credentials is highly inconvenient.
Desired Behavior: The ability to change the path where the config files are located to enable the possibility to use folder mounts. With folder mounts the config files changed on the host also change inside the container.
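The stale-file behaviour described in this issue can be reproduced without Docker. The following is an added example, not part of the issue or the extension's code: an open file descriptor stands in for the single-file bind mount, which stays attached to the inode that existed at container start, and all function names are illustrative.

```python
import os
import tempfile

def save_by_rename(path, text):
    # Many editors and config tools write a temp file and rename it over the target.
    tmp = path + ".tmp"
    with open(tmp, "w") as f:
        f.write(text)
    os.replace(tmp, path)

def save_in_place(path, text):
    # Truncate and rewrite the same inode.
    with open(path, "w") as f:
        f.write(text)

def stale_after_save(save):
    """Return (inode_changed, content_seen_via_old_inode) after `save` runs."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "credentials.xml")
        with open(path, "w") as f:
            f.write("<file-rbac>v1</file-rbac>")  # constructed content
        pinned = open(path)  # models the mount pinned to the original inode
        inode_before = os.stat(path).st_ino
        save(path, "<file-rbac>v2</file-rbac>")
        inode_after = os.stat(path).st_ino
        pinned.seek(0)
        seen = pinned.read()
        pinned.close()
        return inode_before != inode_after, seen

if __name__ == "__main__":
    print("rename  :", stale_after_save(save_by_rename))
    print("in place:", stale_after_save(save_in_place))
```

With a rename-style save the pinned view keeps serving the old credentials, so a removed user or role stays valid inside the container until it is restarted.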
Hello,
I am using this extension to limit topics and their sender and receiver.
I am using a configuration like this:
<?xml version="1.0" ?>
<file-rbac>
    <users>
        <user>
            <name>test</name>
            <password>PASWORD-HASH</password>
            <roles>
                <id>role1</id>
            </roles>
        </user>
    </users>
    <roles>
        <role>
            <id>role1</id>
            <permissions>
                <permission>
                    <topic>test</topic>
                    <activity>PUBLISH</activity>
                </permission>
            </permissions>
        </role>
    </roles>
</file-rbac>
I can only publish messages to the test topic using the test user, but when I subscribe, I also receive messages. When activity is set to SUBSCRIBE, I cannot publish messages, as it should be, but when it's set to PUBLISH I can also subscribe.
Hi,
I try to pass a user's password hash in from an environment variable. Unfortunately this doesn't work - authentication fails. If I place the same hash inside the xml directly it works.
Is that supposed to work?
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<file-rbac>
    <users>
        <user>
            <name>client</name>
            <password>${ENV:PASSWORD_HASH}</password>
            <roles>
                <id>role</id>
            </roles>
        </user>
    </users>
    ...
Excuse me, can this plugin be used on hivemq3.4.4 version?
Hi all,
I am trying to configure the HiveMQ Broker with an RBAC configuration using a ConfigMap. I am deploying it with the Kubernetes Operator to a K8s cluster. However, the ConfigMap I created is set under the conf folder of hivemq-file-rbac-extension and it still continues to read the default values (user1/pass1).
I would like to be enlightened about the point I am missing.
I am adding the ConfigMap and the values file values.
apiVersion: v1
kind: ConfigMap
metadata:
  name: hivemq-file-rbac-extension
  namespace: {{ .Release.Namespace }}
data:
  config.xml: |-
    <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
    <file-rbac>
        <users>
            <user>
                <name>test</name>
                <password>12345</password>
                <roles>
                    <id>role1</id>
                </roles>
            </user>
        </users>
        <roles>
            <role>
                <id>role1</id>
                <permissions>
                    <permission>
                        <topic>#</topic>
                    </permission>
                    <permission>
                        <topic>#</topic>
                        <activity>PUBLISH</activity>
                        <retain>RETAINED</retain>
                    </permission>
                    <permission>
                        <topic>#</topic>
                        <activity>SUBSCRIBE</activity>
                    </permission>
                </permissions>
            </role>
            <role>
                <id>superuser</id>
                <permissions>
                    <permission>
                        <topic>#</topic>
                    </permission>
                </permissions>
            </role>
        </roles>
    </file-rbac>
  extension-config.xml: |-
    <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
    <extension-configuration>
        <!-- Reload interval for credentials in seconds -->
        <credentials-reload-interval>60</credentials-reload-interval>
        <!-- If the credentials file is using HASHED or PLAIN passwords -->
        <password-type>PLAIN</password-type>
    </extension-configuration>

- name: hivemq-file-rbac-extension
  enabled: true
  # Defines if your custom extension supports hot-reload of its configuration, or if it needs to be restarted on configuration changes.
  supportsHotReload: true
  # The ConfigMap name that contains the extension configuration (will be mounted into the subfolder "conf" of the extension folder).
  configMapName: "hivemq-file-rbac-extension"
  # The Secret name that contains request headers for the custom extension download.
  requestHeaderSecretName: ""
  # The URI to download the custom extension (as .zip distribution).
  extensionUri: "https://www.hivemq.com/releases/extensions/hivemq-file-rbac-extension-4.5.3.zip"
I would also like to let you know about the error I get when I set credentials.xml instead of config.xml.
When I check the hivemq-platform object, it wants to see config.xml for the hivemq-file-rbac-extension CM I created.
And this shows what the extension folder looks like.
HiveMQ Version : 4.25.1
Operator: 1.1.0
Since I am not familiar with XML configuration, I would like to know what I am doing wrong.
If you need more details you want me to provide, please let me know.
Thank you in advance
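A pre-deployment audit for credentials files in the format posted in the issues above, as an added example that is not code from the extension or from any of the posters. It flags a `<password>` that still holds a `${...}` placeholder in the file as read (the environment-variable issue), permissions on the `#` wildcard topic and the users holding them (as in this ConfigMap), and references to undefined roles; the sample document and the function name `audit` are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample in the format shown in the issues above.
SAMPLE = """<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<file-rbac>
  <users>
    <user><name>client</name><password>${ENV:PASSWORD_HASH}</password>
      <roles><id>role1</id></roles></user>
    <user><name>ops</name><password>EXAMPLE-HASH</password>
      <roles><id>superuser</id><id>missing</id></roles></user>
  </users>
  <roles>
    <role><id>role1</id><permissions>
      <permission><topic>test</topic><activity>PUBLISH</activity></permission>
    </permissions></role>
    <role><id>superuser</id><permissions>
      <permission><topic>#</topic></permission>
    </permissions></role>
  </roles>
</file-rbac>"""

PLACEHOLDER = re.compile(r"\$\{[^}]*\}")

def audit(xml_text):
    # Returns a list of human-readable findings, roles first, then users.
    root = ET.fromstring(xml_text.encode("utf-8"))
    findings, defined, broad = [], set(), set()
    for role in root.findall("./roles/role"):
        rid = (role.findtext("id") or "").strip()
        defined.add(rid)
        for perm in role.findall("./permissions/permission"):
            topic = (perm.findtext("topic") or "").strip()
            activity = (perm.findtext("activity") or "unspecified").strip()
            if topic == "#":
                broad.add(rid)
                findings.append(f"role {rid}: topic '#' with activity {activity}")
    for user in root.findall("./users/user"):
        name = (user.findtext("name") or "").strip()
        if PLACEHOLDER.search(user.findtext("password") or ""):
            findings.append(f"user {name}: password is a literal placeholder")
        for ident in user.findall("./roles/id"):
            rid = (ident.text or "").strip()
            if rid not in defined:
                findings.append(f"user {name}: role {rid} is not defined")
            elif rid in broad:
                findings.append(f"user {name}: holds wildcard role {rid}")
    return findings
```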