Added options to AMSlib to connect to RMQ server without TLS certiticate

Signed-off-by: Loic Pottier <pottier1@llnl.gov>
LLNL · Oct 1, 2024 · cb35511 · cb35511
1 parent e0aa8f2
commit cb35511
Show file tree

Hide file tree

Showing 5 changed files with 12 additions and 3 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -473,6 +473,7 @@ jobs:
             \"domain_models\": {}
           }""" > $GITHUB_WORKSPACE/tests/AMSlib/rmq.json
 
+          cat $GITHUB_WORKSPACE/tests/AMSlib/rmq.json
           ctest --output-on-failure -R AMSEndToEndFromJSON::NoModel::Double::DB::rmq::HOST
         env:
           RABBITMQ_USER: guest

diff --git a/src/AMSlib/AMS.cpp b/src/AMSlib/AMS.cpp
@@ -378,7 +378,6 @@ class AMSWrap
         getEntry<std::string>(rmq_entry, "rabbitmq-password");
     std::string rmq_user = getEntry<std::string>(rmq_entry, "rabbitmq-user");
     std::string rmq_vhost = getEntry<std::string>(rmq_entry, "rabbitmq-vhost");
-    std::string rmq_cert = getEntry<std::string>(rmq_entry, "rabbitmq-cert");
     std::string rmq_out_queue =
         getEntry<std::string>(rmq_entry, "rabbitmq-outbound-queue");
     std::string exchange =
@@ -387,6 +386,11 @@ class AMSWrap
         getEntry<std::string>(rmq_entry, "rabbitmq-routing-key");
     bool update_surrogate = getEntry<bool>(entry, "update_surrogate");
 
+    // We allow connection to RabbitMQ without TLS certificate
+    std::string rmq_cert = "";
+    if (rmq_entry.contains("rabbitmq-cert"))
+      rmq_cert = getEntry<std::string>(rmq_entry, "rabbitmq-cert");
+
     auto &DB = ams::db::DBManager::getInstance();
     DB.instantiate_rmq_db(port,
                           host,

diff --git a/src/AMSlib/wf/basedb.hpp b/src/AMSlib/wf/basedb.hpp
@@ -1010,7 +1010,7 @@ class AMSMessageInbound
 class RMQHandler : public AMQP::LibEventHandler
 {
 protected:
-  /** @brief Path to TLS certificate */
+  /** @brief Path to TLS certificate (if empty, no TLS certificate)*/
   std::string _cacert;
   /** @brief MPI rank (0 if no MPI support) */
   uint64_t _rId;
@@ -1035,7 +1035,7 @@ class RMQHandler : public AMQP::LibEventHandler
    */
   RMQHandler(uint64_t rId,
              std::shared_ptr<struct event_base> loop,
-             std::string cacert);
+             std::string cacert = "");
 
   ~RMQHandler() = default;
 

diff --git a/src/AMSlib/wf/rmqdb.cpp b/src/AMSlib/wf/rmqdb.cpp
@@ -261,6 +261,9 @@ bool RMQHandler::connectionValid()
 
 bool RMQHandler::onSecuring(AMQP::TcpConnection* connection, SSL* ssl)
 {
+  // No TLS certificate provided
+  if (_cacert.empty()) return true;
+
   ERR_clear_error();
   unsigned long err;
 #if OPENSSL_VERSION_NUMBER < 0x10100000L

diff --git a/tests/AMSlib/verify_rmq.py b/tests/AMSlib/verify_rmq.py
@@ -25,6 +25,7 @@ def verify(
     cert = None
     if "rabbitmq-cert" in rmq_json:
         cert = rmq_json["rabbitmq-cert"]
+        cert = None if cert == "" else cert
 
     dtype = 4
     if data_type == "double":