diff options
| -rw-r--r-- | deps/rabbit/priv/schema/rabbit.schema | 4 | ||||
| -rw-r--r-- | deps/rabbit/src/rabbit_definitions.erl | 30 | ||||
| -rw-r--r-- | deps/rabbit/src/rabbit_definitions_hashing.erl | 62 | ||||
| -rw-r--r-- | deps/rabbit/src/rabbit_definitions_import_local_filesystem.erl | 9 |
4 files changed, 85 insertions, 20 deletions
diff --git a/deps/rabbit/priv/schema/rabbit.schema b/deps/rabbit/priv/schema/rabbit.schema index f9d316fb7c..9cbab2d37c 100644 --- a/deps/rabbit/priv/schema/rabbit.schema +++ b/deps/rabbit/priv/schema/rabbit.schema @@ -154,10 +154,10 @@ fun(Conf) -> end end}. -{mapping, "definitions.checksum.use_checksum", "rabbit.definitions.use_checksum", [ +{mapping, "definitions.hashing.use_hashing", "rabbit.definitions.use_hashing", [ {datatype, {enum, [true, false]}}]}. -{mapping, "definitions.checksum.checksum_algorithm", "rabbit.definitions.checksum_algorithm", [ +{mapping, "definitions.hashing.algorithm", "rabbit.definitions.hashing_algorithm", [ {datatype, {enum, [sha, sha224, sha256, sha384, sha512]}}]}. %% Load definitions from a remote URL over HTTPS. See diff --git a/deps/rabbit/src/rabbit_definitions.erl b/deps/rabbit/src/rabbit_definitions.erl index 2cbb6db22d..573c472b0e 100644 --- a/deps/rabbit/src/rabbit_definitions.erl +++ b/deps/rabbit/src/rabbit_definitions.erl @@ -20,7 +20,7 @@ %% import -export([import_raw/1, import_raw/2, import_parsed/1, import_parsed/2, apply_defs/2, apply_defs/3, apply_defs/4, apply_defs/5, - should_use_checksum/0, checksum_algorithm/0]). + should_use_hashing/0]). -export([all_definitions/0]). -export([ @@ -185,7 +185,14 @@ maybe_load_definitions_from_pluggable_source(App, Key) -> ModOrAlias -> Mod = normalize_backend_module(ModOrAlias), rabbit_log:debug("Will use module ~s to import definitions", [Mod]), - Mod:load(Proplist) + case should_use_hashing() of + false -> + Mod:load(Proplist); + true -> + Hash = rabbit_definitions_hashing:stored_hash(), + Algo = rabbit_definitions_hashing:hashing_algorithm(), + Mod:load_with_hashing(Proplist, Hash, Algo) + end end end. @@ -233,24 +240,14 @@ atomise_map_keys(Decoded) -> Acc#{rabbit_data_coercion:to_atom(K, utf8) => V} end, Decoded, Decoded). --spec should_use_checksum() -> boolean(). -should_use_checksum() -> +-spec should_use_hashing() -> boolean(). +should_use_hashing() -> case application:get_env(rabbit, definitions) of undefined -> false; {ok, none} -> false; {ok, []} -> false; {ok, Proplist} -> - pget(use_checksum, Proplist, false) - end. - --spec checksum_algorithm() -> {ok, crypto:sha1() | crypto:sha2()}. -checksum_algorithm() -> - case application:get_env(rabbit, definitions) of - undefined -> undefined; - {ok, none} -> undefined; - {ok, []} -> undefined; - {ok, Proplist} -> - pget(checksum_algorithm, Proplist, sha256) + pget(use_hashing, Proplist, false) end. @@ -264,9 +261,6 @@ apply_defs(Map, ActingUser) -> (Map :: #{atom() => any()}, ActingUser :: rabbit_types:username(), VHost :: vhost:name()) -> 'ok' | {error, term()}. -apply_defs(Map, ActingUser, VHost) when is_binary(VHost) -> - apply_defs(Map, ActingUser, fun () -> ok end, VHost); - apply_defs(Map, ActingUser, SuccessFun) when is_function(SuccessFun) -> Version = maps:get(rabbitmq_version, Map, maps:get(rabbit_version, Map, undefined)), try diff --git a/deps/rabbit/src/rabbit_definitions_hashing.erl b/deps/rabbit/src/rabbit_definitions_hashing.erl new file mode 100644 index 0000000000..d4eb9c799d --- /dev/null +++ b/deps/rabbit/src/rabbit_definitions_hashing.erl @@ -0,0 +1,62 @@ +%% This Source Code Form is subject to the terms of the Mozilla Public +%% License, v. 2.0. If a copy of the MPL was not distributed with this +%% file, You can obtain one at https://mozilla.org/MPL/2.0/. +%% +%% Copyright (c) 2007-2022 VMware, Inc. or its affiliates. All rights reserved. +%% +-module(rabbit_definitions_hashing). + +-include("rabbit.hrl"). + +-import(rabbit_misc, [pget/2, pget/3]). + +-export([ + hashing_algorithm/0, + hash/1, + hash/2, + stored_hash/0, + store_hash/1, + store_hash/2 +]). + +-define(DEFAULT_HASHING_ALGORITHM, sha256). +-define(GLOBAL_RUNTIME_PARAMETER_KEY, definitions_hash). + +%% +%% API +%% + +-spec hashing_algorithm() -> {ok, crypto:sha1() | crypto:sha2()}. +hashing_algorithm() -> + case application:get_env(rabbit, definitions) of + undefined -> undefined; + {ok, none} -> undefined; + {ok, []} -> undefined; + {ok, Proplist} -> + pget(hashing_algorithm, Proplist, ?DEFAULT_HASHING_ALGORITHM) + end. + +-spec hash(Value :: term()) -> binary(). +hash(Value) -> + crypto:hash(hashing_algorithm(), Value). + +-spec hash(Algo :: crypto:sha1() | crypto:sha2(), Value :: term()) -> binary(). +hash(Algo, Value) -> + crypto:hash(Algo, term_to_binary(Value)). + +-spec stored_hash() -> binary() | undefined. +stored_hash() -> + case rabbit_runtime_parameters:lookup_global(?GLOBAL_RUNTIME_PARAMETER_KEY) of + not_found -> undefined; + undefined -> undefined; + Proplist -> pget(value, Proplist) + end. + +-spec store_hash(Value :: term()) -> ok. +store_hash(Value0) -> + store_hash(Value0, ?INTERNAL_USER). + +-spec store_hash(Value :: term(), Username :: rabbit_types:username()) -> ok. +store_hash(Value0, Username) -> + Value = rabbit_data_coercion:to_binary(Value0), + rabbit_runtime_parameters:set_global(?GLOBAL_RUNTIME_PARAMETER_KEY, Value, Username). diff --git a/deps/rabbit/src/rabbit_definitions_import_local_filesystem.erl b/deps/rabbit/src/rabbit_definitions_import_local_filesystem.erl index d8e5961128..4840bc9b3b 100644 --- a/deps/rabbit/src/rabbit_definitions_import_local_filesystem.erl +++ b/deps/rabbit/src/rabbit_definitions_import_local_filesystem.erl @@ -14,6 +14,7 @@ load/1, %% classic arguments specific to this source load/2, + load_with_hashing/3, location/0 ]). @@ -56,6 +57,14 @@ load(Proplist) when is_list(Proplist) -> load(IsDir, Path) -> load_from_local_path(IsDir, Path). +load_with_hashing(Defs, undefined = _Hash, _Algo) when is_list(Defs) -> + load(Defs); +load_with_hashing(Defs, PreviousHash, Algo) -> + case rabbit_definitions_hashing:hash(Algo, Defs) of + PreviousHash -> ok; + _ -> load(Defs) + end. + location() -> case location_from_classic_option() of undefined -> location_from_modern_option(); |